HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
1. Create the X.509 Certificates
To create a certificate for the HP-UX HIDS System Manager process, first generate
the ids user locally on the HP-UX HIDS administration system. Only then can
the certificates for each of the agent nodes be signed by the HP-UX HIDS
administration system. The administration system holds the Root Certification
Authority (Root CA) that endorses all other certificates.
a. On the administration system, log in as follows:
$ su - ids
b. Change your directory to /opt/ids/bin, as follows:
$ cd /opt/ids/bin
c. Generate the following administration keys:
$ IDS_genAdminKeys install
This creates the Root CA and the administration certificate. They are stored
in the /etc/opt/ids/certs/admin directory. The keyword install is
optional.
If you need to regenerate the administration certificate later (for example,
because the current certificate has expired) without invalidating the agent
certificates you make in step d, enter the command again with the update
option. For example:
$ IDS_genAdminKeys update
If you do not use the update option, the command also recreates the Root
CA, and the existing agent certificates are no longer trusted by the
administration system. In that case, repeat step d and steps 2 and 3.
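Why the update option matters, as an added example using plain OpenSSL rather than the HP-UX HIDS tooling (this is not code from the guide): an agent certificate verifies only against the Root CA key that signed it, so reissuing the administration certificate leaves agents trusted, while recreating the root does not. All file names and subject names are constructed for the demo.

```shell
# Added illustration with plain OpenSSL; it does not call or reproduce IDS_genAdminKeys.
# File names and subject names (root, admin, agent1) are constructed for this demo.

new_root() {    # new_root DIR: create a fresh self-signed Root CA key and certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

issue() {       # issue DIR NAME: new key for NAME, certificate signed by the current root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
}

trusted() {     # trusted DIR NAME: succeed only if NAME's certificate chains to the current root
    openssl verify -CAfile "$1/root.pem" "$1/$2.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    new_root "$d" && issue "$d" admin && issue "$d" agent1 || return 1
    trusted "$d" agent1 && before=trusted || before=untrusted

    # Comparable to "update": reissue only the administration certificate, keep the root.
    issue "$d" admin || return 1
    trusted "$d" agent1 && after_update=trusted || after_update=untrusted

    # Comparable to a rerun without "update": the root is recreated, then the admin certificate.
    new_root "$d" && issue "$d" admin || return 1
    trusted "$d" agent1 && after_rerun=trusted || after_rerun=untrusted

    rm -rf "$d"
    echo "$before $after_update $after_rerun"
}

demo    # prints: trusted trusted untrusted
```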
Following is an example of the installation process run on the administration
host, adminsys:
$ IDS_genAdminKeys
==> Be sure to run this script on the IDS Administration host.
Generating a certificate request for IDS Root CA...
Generating a self-signed certificate for IDS Root CA...
Generating a certificate for the HP-UX Host IDS System Manager...
Generating cert signing request for HP-UX Host IDS System Manager...
Signing the HP-UX Host IDS System Manager certificate request...
Importing IDS Root CA certificate...
Importing the HP-UX Host IDS System Manager certificate...
************************************************************
* Successfully created certificates for IDS
Setting Up HP-UX HIDS Secure Communications 35