HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v1 | HP-UX 11i v2, Update 2

Migration Tasks
This section describes the following migration tasks:
“Installing A.02.01.01 without Reusing Configuration Data”
“Using ipsec_migrate”
“Modifying the Baltimore CRL Retrieval Method”
“Modifying the VeriSign CRL Retrieval Method”
“Migrating A.01.01 - A.01.03 MD5 Transforms”
“Migrating from Versions A.01.01 and A.01.02 to Version A.01.05”
Installing A.02.01.01 without Reusing Configuration Data
Use the following procedure to install HP-UX IPSec A.02.01.01 without reusing configuration
data:
1. Stop HP-UX IPSec by entering the ipsec_admin -stop command.
2. If you are migrating from HP-UX IPSec versions A.01.01 - A.01.05, use the swremove utility
to remove the existing version of HP-UX IPSec.
3. Install HP-UX IPSec version A.02.01.01.
4. If you removed the previous version of HP-UX IPSec, re-establish the HP-UX IPSec password
using the command ipsec_admin -newpasswd.
5. If you want to use the autoboot feature to automatically start HP-UX IPSec at system boot-up
time, enter the following command:
ipsec_config add startup -autoboot ON
6. If you are using security certificates and you removed the previous version of HP-UX IPSec,
contact your PKI administrator and have the original certificate for the system revoked.
Modify the CRL retrieval method. See “Modifying the Baltimore CRL Retrieval Method”
or “Modifying the VeriSign CRL Retrieval Method”.
You will need to re-create your HP-UX IPSec configuration data. If you are using security
certificates, you must request a new security certificate for the system.
Using ipsec_migrate
The ipsec_migrate utility migrates HP-UX IPSec policy and certificate configuration files to
be compatible with the current HP-UX IPSec version.
Migrating Policy Files
Beginning with version A.02.00, HP-UX IPSec stores configuration data in a configuration database
instead of a policy file. To migrate a policy configuration file from an earlier version of HP-UX
IPSec to a configuration database, use the following procedure.
1. Run the ipsec_migrate utility after you have installed HP-UX IPSec A.02.01.01. For
example:
/usr/sbin/ipsec_migrate [-p policy_file]
Where:
policy_file is the optional name of the input policy file to migrate, such as
/var/adm/policies.txt. Use this option when migrating a policy file from an HP-UX
IPSec version prior to A.02.00. The ipsec_migrate utility will convert the policy file to a
configuration database file and save it in /var/adm/ipsec/config.db.
If you are migrating from HP-UX IPSec version A.02.00 or A.02.00.01, the ipsec_migrate
utility checks the /var/adm/ipsec/config.db and /var/adm/ipsec/cainfo.txt
files and updates them if needed. Before updating a file, ipsec_migrate creates a backup