226 .el o
227 IKE rule defaults
228 .RE
229 .RS +4
230 .TP
231 .ie t \(bu
232 .el o
233 IKE rules
234 .RE
235 .sp
236 .LP
237 The global parameter entries are as follows:
238 .sp
239 .ne 2
240 .na
241 \fBcert_root \fIcert-sel\fR\fR
242 .ad
243 .sp .6
244 .RS 4n
245 The X.509 distinguished name of a certificate that is a trusted root CA
246 certificate.It must be encoded in a file in the \fB/etc/inet/ike/publickeys\fR
247 directory. It must have a CRL in \fB/etc/inet/ike/crl\fRs. Multiple
248 \fBcert_root\fR parameters aggregate.
249 .RE
250
251 .sp
252 .ne 2
253 .na
254 \fBcert_trust \fIcert-sel\fR\fR
255 .ad
256 .sp .6
257 .RS 4n
258 Specifies an X.509 distinguished name of a certificate that is self-signed, or
259 has otherwise been verified as trustworthy for signing IKE exchanges. It must
260 be encoded in a file in \fB/etc/inet/ike/publickeys\fR. Multiple
261 \fBcert_trust\fR parameters aggregate.
262 .RE
263
264 .sp
265 .ne 2
266 .na
|
226 .el o
227 IKE rule defaults
228 .RE
229 .RS +4
230 .TP
231 .ie t \(bu
232 .el o
233 IKE rules
234 .RE
235 .sp
236 .LP
237 The global parameter entries are as follows:
238 .sp
239 .ne 2
240 .na
241 \fBcert_root \fIcert-sel\fR\fR
242 .ad
243 .sp .6
244 .RS 4n
245 The X.509 distinguished name of a certificate that is a trusted root CA
246 certificate. It must be encoded in a file in the \fB/etc/inet/ike/publickeys\fR
247 directory. It must have a CRL in \fB/etc/inet/ike/crl\fRs. Multiple
248 \fBcert_root\fR parameters aggregate.
249 .RE
250
251 .sp
252 .ne 2
253 .na
254 \fBcert_trust \fIcert-sel\fR\fR
255 .ad
256 .sp .6
257 .RS 4n
258 Specifies an X.509 distinguished name of a certificate that is self-signed, or
259 has otherwise been verified as trustworthy for signing IKE exchanges. It must
260 be encoded in a file in \fB/etc/inet/ike/publickeys\fR. Multiple
261 \fBcert_trust\fR parameters aggregate.
262 .RE
263
264 .sp
265 .ne 2
266 .na
|