IKE Utilities and Files
The following table summarizes the configuration files for IKE policy, the storage locations
for IKE keys, and the various commands and services that implement IKE. For
more about services, see Chapter 1, Managing Services (Overview), in Managing Services and Faults in Oracle Solaris 11.1.
Table 9-2 IKE Configuration Files, Key Storage Locations, Commands, and Services
| File, Key Storage Location, Command, or Service | Description |
|---|---|
| svc:/network/ipsec/ike | The SMF service that manages IKE. |
| /usr/lib/inet/in.iked | Internet Key Exchange (IKE) daemon. Activates automated key management when the ike service is enabled. |
| /usr/sbin/ikeadm | IKE administration command for viewing and temporarily modifying the IKE policy. Enables you to view IKE administrative objects, such as Phase 1 algorithms and available Diffie-Hellman groups. |
| /usr/sbin/ikecert | Certificate database management command for manipulating local databases that hold public key certificates. The databases can also be stored on attached hardware. |
| /etc/inet/ike/config | Default configuration file for the IKE policy. Contains the site's rules for matching inbound IKE requests and preparing outbound IKE requests. If this file exists, the in.iked daemon starts when the ike service is enabled. The location of this file can be changed by the svccfg command. |
| ike.preshared | Preshared keys file in the /etc/inet/secret directory. Contains secret keying material for authentication in the Phase 1 exchange. Used when configuring IKE with preshared keys. |
| ike.privatekeys | Private keys directory in the /etc/inet/secret directory. Contains the private keys that are part of a public-private key pair. |
| publickeys directory | Directory in the /etc/inet/ike directory that holds public keys and certificate files. Contains the public key part of a public-private key pair. |
| crls directory | Directory in the /etc/inet/ike directory that holds revocation lists for public keys and certificate files. |
| Sun Crypto Accelerator 6000 board | Hardware that accelerates public key operations by offloading the operations from the operating system. The board also stores public keys, private keys, and public key certificates. The Sun Crypto Accelerator 6000 board is a FIPS 140-2 certified device at Level 3. |