Using OpenSSL Certificates with HP-UX IPSec A.01.07 and HP-UX IPSec A.02.00

certs/hostname.p12
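#!/bin/sh
#
# Issue a certificate for one host and bundle it for import:
#   1. generate an RSA key pair               -> private/<hostname>.key
#   2. create a certificate signing request   -> newcerts/<hostname>.csr
#   3. write a subjectAltName extension file  -> newcerts/<hostname>.ext
#   4. have the CA sign the request           -> certs/<hostname>.cert
#   5. export key + certificate + CA cert     -> certs/<hostname>.p12
#
# Usage:       <this script> hostname
# Run from the CA directory: private/, newcerts/, certs/ and cacert.pem
# are all resolved relative to the current directory.
# Environment: RSA_BITS - RSA modulus size in bits (default 1024).
#
# Stop at the first failing step instead of signing or exporting from
# files left over by an earlier run.
set -eu

if [ $# -ne 1 ]; then
  echo "hostname required" >&2
  exit 1
fi
host=$1

# The hostname becomes part of every output file name. Reject anything
# that could leave the CA directories (a "/") or be read by openssl as
# an option (a leading "-").
case $host in
  '' | -* | *[!A-Za-z0-9._-]*)
    echo "invalid hostname: use letters, digits, '.', '_' and '-' only" >&2
    exit 1
    ;;
esac

#
# Create an RSA public/private key pair.
#
# 1024-bit RSA is below current minimum recommendations (2048 bits or
# more). The default is kept so the documented procedure is unchanged;
# set RSA_BITS=2048 or higher if every IPsec peer accepts the larger key.
#
key_bits=${RSA_BITS:-1024}
case $key_bits in
  '' | *[!0-9]*)
    echo "RSA_BITS must be a positive integer" >&2
    exit 1
    ;;
esac
# The key is written unencrypted, so file permissions are its only
# protection: create it readable by the owner alone.
(umask 077 && openssl genrsa -out "private/$host.key" "$key_bits")

#
# Create a certificate signing request (CSR).
# NOTE: openssl req ignores -days unless -x509 is also given; the
# certificate lifetime is decided by "openssl ca" below.
#
openssl req -new -key "private/$host.key" -out "newcerts/$host.csr" \
  -days 365

#
# Create an extension file with the system's primary IP address.
#
echo "IP Address:"
read -r IP_addr || {
  echo "no IP address given" >&2
  exit 1
}
# Only address characters are accepted, so the answer cannot append
# further subjectAltName entries (",DNS:...") to the extension line.
# Full address syntax checking is left to openssl.
case $IP_addr in
  '' | *[!0-9A-Fa-f.:]*)
    echo "invalid IP address" >&2
    exit 1
    ;;
esac
printf 'subjectAltName=IP:%s\n' "$IP_addr" >"newcerts/$host.ext"

#
# Submit the CSR and extension file to the CA so it signs
# the certificate.
#
openssl ca -out "certs/$host.cert" -extfile "newcerts/$host.ext" \
  -infiles "newcerts/$host.csr"

#
# Save the certificate, private key, and CA certificate
# in a PKCS#12 file. The bundle contains the private key: openssl
# prompts for an export password, and the file is created readable by
# the owner alone.
#
(umask 077 && openssl pkcs12 -export -inkey "private/$host.key" \
  -in "certs/$host.cert" -certfile cacert.pem -out "certs/$host.p12")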
# Generate a new CRL from the CA database. -crldays 15 sets the CRL's
# next-update time 15 days out, so it has to be regenerated and published
# again before then.
openssl ca -gencrl -crldays 15 -out crl/crl.pem
# Convert the CRL from PEM to DER encoding.
openssl crl -in crl/crl.pem -outform der -out crl/crl.der
ldapmodify
certificationAuthority -a
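# Add the entries in crl.ldif to the directory, binding as the admin DN.
# Option dashes and the quotes around the bind DN must be plain ASCII:
# typographic dashes and quotes pasted from a document reach ldapmodify
# as literal characters, so the options are not recognised.
# The password options (-w - -W) are kept as the page gives them;
# presumably they make the tool prompt for the password instead of taking
# it on the command line - confirm against your ldapmodify man page.
ldapmodify -a -v -w - -W -D "cn=admin,ou=lab,o=example,c=us" \
-f crl.ldif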
ldapmodify
cACertificate certificateRevocationList
cacert.der crl.der
authorityRevocationList
authorityRevocationList certificationAuthority
crl.ldif