HP-UX IPSec A.02.01 Release Notes

HP-UX IPSec Release Notes
Post-Installation Migration Instructions
Chapter 114
ipsec_config add startup -autoboot on
Step 5. Start HP-UX IPSec:
ipsec_admin -start
Certificate Files
Beginning with release A.02.01, HP-UX IPSec stores certificate files in a generic (not
vendor-specific) storage scheme. The ipsec_migrate utility performs the following tasks
when migrating to HP-UX IPSec version A.02.01 from previous versions:
Modifies the format of the file /var/adm/ipsec/cainfo.txt and adds a version string.
Renames the certificate file (/var/adm/ipsec/certs.txt or /var/adm/ipsec/.Bcerts)
to /var/adm/ipsec/ipsec.cert.
Renames the key file (/var/adm/ipsec/javabeans.txt or /var/adm/ipsec/.Bsec)
to /var/adm/ipsec/ipsec.key.
Retrieving a Baltimore Certificate Revocation List
Beginning with release A.02.01, HP-UX IPSec no longer supports the cron script file
/var/adm/ipsec_gui/cron/baltimoreCRL.cron to retrieve the Certificate Revocation List
(CRL) for Baltimore certificates. If you had an entry in the root user’s crontab file to execute
the baltimoreCRL.cron file, you must replace it with an entry that executes
/var/adm/ipsec_gui/crl.cron and resubmit the crontab file.
Retrieving a VeriSign Certificate Revocation List
Beginning with release A.02.01, HP-UX IPSec no longer supports the VeriSign CRL automatic
retrieval method using the /var/adm/ipsec_gui/cron/crl.cron script file. (The
/var/adm/ipsec_gui/crl.cron file in version A.02.01 retrieves a CRL from an LDAP
directory.) If you had an entry in the root user’s crontab file to execute the crl.cron file, you
must delete it.
To retrieve a VeriSign CRL, you must manually retrieve it using the VeriSign OnSite web
interface, store it in a local file, and then use the following command to store the
file in the HP-UX IPSec storage scheme:
ipsec_config add crl -file crl_filename
The crl_filename is the name of the local file that contains the CRL retrieved from VeriSign.
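
The two crontab changes described above for Baltimore and VeriSign CRL retrieval, as an added example that is not part of the HP release notes: a POSIX shell filter that rewrites a saved copy of the root user's crontab. The script paths are the ones given above; the function name migrate_crl_crontab and the temporary file names in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (not HP code): apply the A.02.01 CRL crontab changes to a
# saved copy of root's crontab. Paths are taken from the release notes.
#
# Typical use (temporary file names are hypothetical):
#   crontab -l > /tmp/root.cron
#   migrate_crl_crontab /tmp/root.cron > /tmp/root.cron.new
#   # review /tmp/root.cron.new, then resubmit it:
#   crontab /tmp/root.cron.new

OLD_BALTIMORE=/var/adm/ipsec_gui/cron/baltimoreCRL.cron   # no longer supported
OLD_VERISIGN=/var/adm/ipsec_gui/cron/crl.cron             # no longer supported
NEW_LDAP=/var/adm/ipsec_gui/crl.cron                      # A.02.01 LDAP retrieval

# migrate_crl_crontab FILE
#   stdout: the migrated crontab
#   stderr: one line per entry that was replaced or deleted
migrate_crl_crontab() {
    awk -v bal="$OLD_BALTIMORE" -v ver="$OLD_VERISIGN" -v new="$NEW_LDAP" '
        # Comment lines are not executed by cron; pass them through unchanged.
        /^[ \t]*#/ { print; next }
        {
            # Baltimore entry: keep the schedule, swap in the new script path.
            i = index($0, bal)
            if (i > 0) {
                $0 = substr($0, 1, i - 1) new substr($0, i + length(bal))
                print "line " NR ": replaced Baltimore entry" | "cat 1>&2"
                print
                next
            }
            # VeriSign entry: the old script under cron/ must be deleted.
            # The new path has no cron/ component, so it never matches here.
            if (index($0, ver) > 0) {
                print "line " NR ": deleted VeriSign entry" | "cat 1>&2"
                next
            }
            print
        }
    ' "$1"
}
```

An entry that already runs /var/adm/ipsec_gui/crl.cron is left unchanged, so a crontab that has already been migrated passes through as-is.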