Configuring IKEv2 With Public Key Certificates
Public certificates can be a good choice for large deployments. For more information,
see IKE With Public Key Certificates.
Public key certificates are stored in a softtoken keystore by the
Cryptographic Framework.
For background information, see How IKE Works.
The following task map lists procedures for creating public key certificates for
IKEv2.
Table 10 Configuring IKEv2 With Public Key Certificates Task Map

| Task | Description |
|------|-------------|
| Create a keystore for certificates. | Initializes the PKCS #11 keystore where the certificates for IKEv2 are stored. |
| Configure IKEv2 with self-signed public key certificates. | Creates a public key certificate signed by you. Exports the certificate to peers and imports the peers' certificates. |
| Configure IKEv2 with a certificate from a CA. | Requires you to create a CSR and then import all returned certificates into the keystore. Then, verify and import the IKE peers' certificates. |
| Configure how revoked certificates are handled. | Determines if CRLs are used and OCSP servers are polled, including how to handle network delays. |