HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v1 | HP-UX 11i v2, Update 2
copy and saves it in the file /var/adm/ipsec/backup/config.db.timestamp or
/var/adm/ipsec/backup/cainfo.txt.timestamp, as applicable. The timestamp is
in the format dd-mm-yy-hh-mn-ss, where:
dd is the day
mm is the month
yy are the last two digits of the year
hh is the hour
mn is the number of minutes
ss is the number of seconds
The ipsec_migrate utility saves updated files in the appropriate locations
(/var/adm/ipsec/config.db and /var/adm/ipsec/cainfo.txt). For more
information, refer to the ipsec_migrate(1M) man page.
2. Examine the contents of the configuration database using the following command:
ipsec_config show all
3. Modify the configuration database, if necessary, using the ipsec_config delete and
ipsec_config add commands. Refer to the ipsec_config(1M) man page for more
information.
4. The ipsec_migrate utility does not configure the autoboot option. If you want HP-UX
IPSec to automatically start at system startup time, use the following command to enable
the autoboot option:
ipsec_config add startup -autoboot on
5. Start HP-UX IPSec:
ipsec_admin -start
Migrating Certificate Files
Beginning with release A.02.01, HP-UX IPSec stores certificate files in a generic (not
vendor-specific) storage scheme. The ipsec_migrate utility performs the following tasks when
migrating to HP-UX IPSec version A.02.01.01 from versions A.01.01 - A.01.07:
• Modifies the format of the file /var/adm/ipsec/cainfo.txt and adds a version string.
• Renames the certificate file (/var/adm/ipsec/certs.txt or /var/adm/ipsec/.Bcerts)
to /var/adm/ipsec/ipsec.cert.
• Renames the key file (/var/adm/ipsec/javabeans.txt or /var/adm/ipsec/.Bsec)
to /var/adm/ipsec/ipsec.key.
Modifying the Baltimore CRL Retrieval Method
Beginning with release A.02.01, HP-UX IPSec no longer supports the cron script file
/var/adm/ipsec_gui/cron/baltimoreCRL.cron to retrieve the Certificate Revocation
List (CRL) for Baltimore certificates. If you had an entry in the root user's crontab file to execute
the baltimoreCRL.cron file, you must replace it with an entry that executes
/var/adm/ipsec_gui/cron/crl.cron and resubmit the crontab file.
Modifying the VeriSign CRL Retrieval Method
Beginning with release A.02.01, HP-UX IPSec no longer supports the VeriSign CRL automatic
retrieval method using the /var/adm/ipsec_gui/cron/crl.cron script file. (The
/var/adm/ipsec_gui/cron/crl.cron file in version A.02.01 retrieves a CRL stored in an
LDAP directory.) If you had an entry in the root user's crontab file to execute the crl.cron file,
you must delete it.
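
Both CRL changes above require inspecting the root user's crontab. The following shell function is an added example, not part of the HP release notes or of HP-UX IPSec: it reads crontab text on standard input, reports each entry that runs baltimoreCRL.cron (shown rewritten to run crl.cron), and lists existing crl.cron entries for review. The function names, the REPLACE and REVIEW labels, and the sample crontab are constructed for illustration.

```sh
#!/bin/sh
# Added example (not HP code): flag crontab entries affected by the
# A.02.01 CRL retrieval changes. Reads crontab text on standard input.

audit_crl_cron() {
    awk -v old="baltimoreCRL.cron" -v cur="crl.cron" '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        {
            i = index($0, old)
            if (i > 0) {
                # Unsupported script: show the entry rewritten to run crl.cron.
                fixed = substr($0, 1, i - 1) cur substr($0, i + length(old))
                printf "REPLACE line %d: %s\n", NR, fixed
                next
            }
            if (index($0, cur) > 0) {
                # Existing crl.cron entry: delete it if it was added for
                # VeriSign CRL retrieval; keep it if it serves the LDAP CRL.
                printf "REVIEW line %d: %s\n", NR, $0
            }
        }
    '
}

# Constructed sample crontab, for illustration only.
sample_crontab() {
    cat <<'EOF'
# root crontab (constructed sample)
0 2 * * * /var/adm/ipsec_gui/cron/baltimoreCRL.cron
30 3 * * * /usr/local/bin/rotate_logs
#15 4 * * * /var/adm/ipsec_gui/cron/crl.cron
15 4 * * 0 /var/adm/ipsec_gui/cron/crl.cron
EOF
}

# Demonstration run on the constructed sample.
sample_crontab | audit_crl_cron
```

On a live system, run crontab -l | audit_crl_cron as root. The function only reports; edit and resubmit the crontab file yourself.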