HP-UX AAA Server A.08.02 Administrator's Guide
NOTE: Refer to the supplicant documentation to determine each supplicant’s specific certificate
requirements. For example, some supplicants require the client and server certificates to have the
Enhanced Key Usage (EKU) field. For the client certificate, the EKU field must contain the
Client Authentication certificate purpose (OID "1.3.6.1.5.5.7.3.2"). For the server certificate,
the EKU field must contain the Server Authentication certificate purpose (OID
"1.3.6.1.5.5.7.3.1").
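One way to check the EKU requirement in the note above before installing a certificate, as an added example that is not part of the HP guide. It assumes OpenSSL is available to print the certificate as text; the names eku_check and sample_server_text are hypothetical, and the sample text is constructed.

```shell
#!/bin/sh
# Added example (not HP-UX AAA Server code): check the EKU purpose a
# supplicant may require. Reads the text form of a certificate on stdin:
#   openssl x509 -in <cert.pem> -noout -text | eku_check server
# Returns 0 = purpose present, 1 = EKU present but purpose missing,
#         2 = certificate has no EKU extension, 3 = bad role argument.
eku_check() {
    case "$1" in
        client) want="TLS Web Client Authentication" ;;  # OID 1.3.6.1.5.5.7.3.2
        server) want="TLS Web Server Authentication" ;;  # OID 1.3.6.1.5.5.7.3.1
        *) echo "usage: eku_check client|server" >&2; return 3 ;;
    esac
    # OpenSSL prints the purposes, comma-separated, on the line that
    # follows the "X509v3 Extended Key Usage" header.
    purposes=$(awk '
        grab { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); print; exit }
        /X509v3 Extended Key Usage/ { grab = 1 }
    ')
    [ -n "$purposes" ] || return 2
    # Wrap in separators so only a whole purpose name can match.
    case ", $purposes," in
        *", $want,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed excerpt of `openssl x509 -text` output for a certificate
# that carries only the Server Authentication purpose.
sample_server_text() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
EOF
}
```

A return value of 1 or 2 for the role you intend means a supplicant that enforces EKU would reject the certificate, so reissue it with the correct purpose before copying it to the server or client.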
Installing Server Certificates and Keys
Copy the server certificate and key file to the HP-UX AAA Server in the /etc/opt/aaa/security/
directory.
• If you are using TLS, copy the client CA certificate to the /etc/opt/aaa/security/
directory. You can combine multiple CA files into one file.
• For TLS users whose certificates have been revoked, copy or append their certificates to the
Certificate Revocation List (CRL) file.
Installing Client Certificates and Keys
1. Copy the server CA certificate to the client.
2. Copy the client certificate to the client (for TLS only).
3. Use your supplicant’s utility to install and configure the certificates.
Defining Certificate Locations on the HP-UX AAA Server
The HP-UX AAA Server uses its self-signed certificates by default. If you want to use your own
certificates, you must define where the required certificates reside on the AAA server. The
following steps illustrate how to define certificate locations:
1. In the navigation tree, click Server Properties.
2. Click Certificate Properties.
The Certificate Properties pane opens as shown in Figure 40.
Figure 40 Server Manager’s Certificate Properties Screen