HP-UX IPSec A.02.01 Release Notes
What’s in This Version
— ipsec_config add certificate: Adds certificates for the local system and the
CA to the HP-UX IPSec storage scheme.
— ipsec_config add crl: Adds a Certificate Revocation List to the HP-UX IPSec
storage scheme. The source can be a local file or an entry in a Lightweight
Directory Access Protocol (LDAP) directory.
— ipsec_config delete certificate: Deletes the certificate for the local system
and the CA’s certificate from the HP-UX IPSec storage scheme.
— ipsec_config show certificate: Displays the contents of the certificate for the
local system. This command also displays LDAP directory information for the
CRL, if configured.
Refer to the ipsec_config_add (1M) manpage for more information.
— The format of the /var/adm/ipsec/cainfo.txt file is changed.
— The /var/adm/ipsec/.Bsec and /var/adm/ipsec_gui/javabeans.txt files are no
longer supported. Certificate key data is now stored in the file
/var/adm/ipsec/ipsec.key.
— The /var/adm/ipsec/.Bcerts and /var/adm/ipsec/certs.txt files are no longer
supported. Certificates are now stored in the file /var/adm/ipsec/ipsec.certs.
— HP-UX IPSec no longer supports the cron script file
/var/adm/ipsec_gui/cron/baltimoreCRL.cron to retrieve the Certificate
Revocation List (CRL) for Baltimore certificates. If you have an entry in the root user’s
crontab file to execute the baltimoreCRL.cron file, you must replace it with an entry
that executes /var/adm/ipsec_gui/cron/crl.cron and resubmit the crontab file.
— HP-UX IPSec no longer supports the proprietary method for retrieving VeriSign
CRLs. The contents of the /var/adm/ipsec_gui/cron/crl.cron script file have
changed. The new crl.cron file can be used only to retrieve a CRL from an LDAP
directory, and reads information from the /var/adm/cainfo.txt file.
• Configuration file templates: HP-UX IPSec now provides ipsec_config batch file
templates in the directory /var/adm/ipsec/templates.
• HP-UX IPSec supports a new command: ipsec_config export. This command exports
the contents of the configuration database to a batch file that you can use as input for the
ipsec_config batch command. The command can also take the output from the
ipsec_config show all command and create a batch file.
• HP-UX IPSec no longer includes Java runtime components. You must now install the Java
Runtime Environment (JRE) version 1.4 or later to use the ipsec_migrate and
ipsec_config add crl commands, and the /var/adm/ipsec_gui/cron/crl.cron script
file. JRE version 1.4 is included with HP-UX 11i version 2 (B.11.23) by default.
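The retired files and the crontab change described above can be checked after an upgrade with a short audit script. This is an added example, not part of the HP-UX IPSec product or these release notes; the function names, the root-prefix argument and the --audit switch are hypothetical, and the script only reports, leaving the crontab resubmission to the administrator.

```shell
#!/bin/sh
# Added example: post-upgrade audit for the file and cron changes in these notes.
OLD_CRON_RE='/var/adm/ipsec_gui/cron/baltimoreCRL\.cron'
NEW_CRON=/var/adm/ipsec_gui/cron/crl.cron

# Paths the release notes list as no longer supported.
LEGACY_FILES='/var/adm/ipsec/.Bsec /var/adm/ipsec_gui/javabeans.txt
/var/adm/ipsec/.Bcerts /var/adm/ipsec/certs.txt
/var/adm/ipsec_gui/cron/baltimoreCRL.cron'

# Print each retired path that still exists under root $1 (empty = live system).
# The root prefix is an assumption so that a staged copy can be checked.
list_legacy_files() {
    for f in $LEGACY_FILES; do
        if [ -e "$1$f" ]; then echo "$f"; fi
    done
}

# Succeed if crontab text on stdin has an active (uncommented) entry
# that still runs baltimoreCRL.cron.
needs_cron_update() {
    grep -v '^[[:space:]]*#' | grep "$OLD_CRON_RE" >/dev/null
}

# Copy crontab text from stdin to stdout, pointing active entries at crl.cron.
# Commented-out lines are left untouched.
rewrite_crontab() {
    sed "/^[[:space:]]*#/!s|$OLD_CRON_RE|$NEW_CRON|g"
}

# Report only: nothing is installed or deleted by this function.
audit_upgrade() {
    echo "Retired files still present:"
    list_legacy_files "" | sed 's/^/  /'
    current=$(crontab -l 2>/dev/null)
    if printf '%s\n' "$current" | needs_cron_update; then
        echo "Proposed crontab (save, review, then resubmit with: crontab <file>):"
        printf '%s\n' "$current" | rewrite_crontab
    else
        echo "No active baltimoreCRL.cron entry in this user's crontab."
    fi
}

# Run the audit only when asked, for example: sh ipsec_audit.sh --audit
case "${1:-}" in --audit) audit_upgrade ;; esac
```

Run it as root so that crontab -l reads the root user's crontab, which is where the notes say the baltimoreCRL.cron entry would be.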