ike-certificate-profile
The ike-certificate-profile subelement references a public certificate that authenticates a specific IKEv2 identity, as well as one of more CA certificates used to validate a certificate offered by a remote peer.
Parameters
- identity
- Enter the local IKEv2 entity that using the authentication and validation credentials provided by this ike-certificate-profile instance.
-
- Default: None
- Values: An IP address or fully-qualified domain name (FQDN) that uniquely identifies the user of resources provided by this ike-certificate-profile instance
- end-entity-certificate
- Enter the unique name of a certificate-record configuration element referencing the identification credential (specifically, an X509.v3 certificate) offered by a local IKEv2 entity in support of its asserted identity.
- Default: None
- Values: Name of an existing certificate-record configuration element
- trusted-ca-certificates
- Enter the unique names of one or more certificate-record configuration elements referencing Certification Authority (CA) certificates used to authenticate a remote IKEv2 peer.
- Default: None
- Values: A comma separated list of existing CA certificate-record configuration elements.
- verify-depth
- Enter the maximum number of chained certificates that will be processed while authenticating the IKEv2 peer.
- Default: 10
- Values: Min: 1 | Max: 10
Path
ike-certificate-profile is a subelement under the ike element. The full path from the topmost ACLI prompt is: .
Note:
This is a multiple instance configuration element.