Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

Configuring IKEv2 With Public Key Certificates

Public certificates can be a good choice for large deployments. For more information, see IKE With Public Key Certificates.

Public key certificates are stored in a softtoken keystore by the Cryptographic Framework. On systems with attached hardware, the certificates can also be generated and stored in the hardware. For the procedure, see How to Generate and Store Public Key Certificates for IKEv2 in Hardware.

For background information, see How IKE Works.

The following task map lists procedures for creating public key certificates for IKEv2. The procedures include how to store the certificates in a hardware keystore if your system has an attached Sun Crypto Accelerator 6000 board.

Table 14  Configuring IKEv2 With Public Key Certificates Task Map
Task
Description
For Instructions
Create a keystore for certificates.
Initializes the PKCS #11 keystore where the certificates for IKEv2 are stored.
Configure IKEv2 with self-signed public key certificates.
Creates a public key certificate signed by you. Exports the certificate to peers and imports the peers' certificates.
Configure IKEv2 with a certificate from a CA.
Requires you to create a CSR and then import all returned certificates into the keystore. Then, verify and import the IKE peers' certificates.
Configure how revoked certificates are handled.
Determines if CRLs are used and OCSP servers are polled, including how to handle network delays.
Configure the storage of certificates in the keystore of attached hardware.
Locates the Sun Crypto Accelerator 6000 board and configures IKEv2 to use it.