Installing the IP security feature

Edit online

The IP Security feature in AIX® is separately installable and loadable.

The file sets that must be installed are as follows:

  • bos.net.ipsec.rte (The runtime environment for the kernel IP Security environment and commands)
  • bos.msg.LANG.net.ipsec (where LANG is the specified language, such as en_US)
  • bos.net.ipsec.keymgt
  • clic.rte (CryptoLite for C, fileset for DES, triple DES and AES encryption)
For IKE digital signature support, you must also install the latest GSKit package from the Expansion Pack.
Note: When creating a new keystore database for IKE digital signature support with GSkit8 version 8.0.50.69 or later, create the stash by using the -v1 stash flag. The following example shows the usage of the gsk8capicmd with the -v1 stash flag:
gsk8capicmd -keydb -create -db <Keydb_name> -pw <password_for_kdb> -type cms -stash -v1 stash

After it is installed, IP Security can be separately loaded for IP Version 4 and IP Version 6, either by using the recommended procedure that is provided in Loading IP security or by using the mkdev command.