IPSec certificate management

The IKE daemon (IKED) and the NSS server must be able to retrieve digital certificates from a RACF® key ring, each associated with a particular identity, and to perform operations with the associated private key. IKED can own multiple certificates on its RACF key ring. The NSS server can own multiple certificates for multiple NSS clients (that is, stacks). You can install an X.509 digital certificate in the following ways:

  • Generate an X.509 digital certificate and have it signed by a certificate authority.
  • Generate a self-signed X.509 digital certificate.
  • Migrate an existing key database to a RACF key ring.