Public certificates can be a good choice for large deployments. For more information, see IKE With Public Key Certificates.
Public key certificates are stored in a softtoken keystore by the Cryptographic Framework. On systems with attached hardware, the certificates can also be generated and stored in the hardware. For the procedure, see How to Generate and Store Public Key Certificates for IKEv2 in Hardware.
For background information, see How IKE Works.
The following task map lists procedures for creating public key certificates for IKEv2. The procedures include how to store the certificates in a hardware keystore if your system has an attached Sun Crypto Accelerator 6000 board.