Securing the Network in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
IKE Utilities and Files

The following table summarizes the configuration files for IKE policy, the storage locations for IKE keys, and the various commands and services that implement IKE. For more about services, see Chapter 1, Managing Services (Overview), in Managing Services and Faults in Oracle Solaris 11.1.

Table 9-2 IKE Configuration Files, Key Storage Locations, Commands, and Services

| File, Location, Command, or Service | Description | Man Page |
|---|---|---|
| svc:/network/ipsec/ike | The SMF service that manages IKE. | |
| /usr/lib/inet/in.iked | Internet Key Exchange (IKE) daemon. Activates automated key management when the ike service is enabled. | |
| /usr/sbin/ikeadm | IKE administration command for viewing and temporarily modifying the IKE policy. Enables you to view IKE administrative objects, such as Phase 1 algorithms and available Diffie-Hellman groups. | |
| /usr/sbin/ikecert | Certificate database management command for manipulating local databases that hold public key certificates. The databases can also be stored on attached hardware. | |
| /etc/inet/ike/config | Default configuration file for the IKE policy. Contains the site's rules for matching inbound IKE requests and preparing outbound IKE requests. If this file exists, the in.iked daemon starts when the ike service is enabled. The location of this file can be changed by the svccfg command. | |
| ike.preshared | Preshared keys file in the /etc/inet/secret directory. Contains secret keying material for authentication in the Phase 1 exchange. Used when configuring IKE with preshared keys. | |
| ike.privatekeys | Private keys directory in the /etc/inet/secret directory. Contains the private keys that are part of a public-private key pair. | |
| publickeys directory | Directory in the /etc/inet/ike directory that holds public keys and certificate files. Contains the public key part of a public-private key pair. | |
| crls directory | Directory in the /etc/inet/ike directory that holds revocation lists for public keys and certificate files. | |
| Sun Crypto Accelerator 6000 board | Hardware that accelerates public key operations by offloading the operations from the operating system. The board also stores public keys, private keys, and public key certificates. The Sun Crypto Accelerator 6000 board is a FIPS 140-2 certified device at Level 3. | |
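
One way to check the file locations from Table 9-2 on a host, as an added example that is not part of the Oracle documentation. It assumes the default paths from the table and, as a policy assumption the page does not state, that the paths holding secret keying material should grant no access to group or other; `ike_audit` is a hypothetical function name.

```shell
#!/bin/sh
# Added example: audit the IKE locations listed in Table 9-2.
# Assumptions: default paths (the config location can be changed with svccfg),
# and secret-holding paths should grant nothing to group or other.

# ike_audit ROOT -- ROOT is a path prefix: "" for the live system, or a test tree.
# Prints one line per path and returns the number of permission findings.
ike_audit() {
    root=$1
    findings=0

    # Policy file: the table ties in.iked startup to this file existing.
    if [ -f "$root/etc/inet/ike/config" ]; then
        echo "OK      /etc/inet/ike/config present"
    else
        echo "NOTE    /etc/inet/ike/config missing"
    fi

    # Public keys, certificates and CRLs: presence only.
    for p in /etc/inet/ike/publickeys /etc/inet/ike/crls; do
        if [ -d "$root$p" ]; then
            echo "OK      $p present"
        else
            echo "NOTE    $p missing"
        fi
    done

    # Preshared keys and private keys: check the group/other permission bits.
    for p in /etc/inet/secret /etc/inet/secret/ike.preshared \
             /etc/inet/secret/ike.privatekeys; do
        if [ ! -e "$root$p" ]; then
            echo "NOTE    $p missing"
            continue
        fi
        # First 10 characters of the ls -ld mode string, e.g. "-rw-------".
        mode=$(ls -ld "$root$p" | awk '{ print substr($1, 1, 10) }')
        case $mode in
            ????------) echo "OK      $p $mode" ;;
            *)  echo "FINDING $p $mode allows group or other access"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}
```

Calling `ike_audit ""` as root checks the live system; the return status is the number of secret-holding paths that group or other can access.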