HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

HP-UX IPSec A.02.01.01 Release Notes

HP-UX 11i version 3

HP Part Number: J4256-90022

Published: February 2007

Edition: 1.0

Summary of content (16 pages)

PAGE 1
HP-UX IPSec A.02.01.01 Release Notes HP-UX 11i version 3 HP Part Number: J4256-90022 Published: February 2007 Edition: 1.
PAGE 2
© Copyright 2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
PAGE 3
Table of Contents Overview..................................................................................................................................................7 HP-UX IPSec........................................................................................................................................7 New and Changed Features in This Release.................................................................................................7 New Features......................................
PAGE 4
PAGE 5
List of Tables 1 Fixes in HP-UX IPSec A.02.01.01..........................................................................................................
PAGE 6
PAGE 7
This document provides information about the A.02.01.01 release of HP-UX IPSec for HP-UX 11i version 3 (B.11.31). Overview The A.02.01.01 release of HP-UX IPSec contains the following changes: • Defect fixes. • Bundle name. The bundle name is now IPsec. The previous bundle name was J4256AA. In addition, HP-UX IPSec A.02.01.01 is a selectable bundle in HP-UX 11i v3 Operating Environments (OEs). HP-UX IPSec HP-UX IPSec provides transparent encryption for IP-based applications.
PAGE 8
Table 1 Fixes in HP-UX IPSec A.02.01.01 (continued) Defect ID SR: 8606420262 Description (JAGaf80092) IKE SA negotiations fail on HP-UX PA-RISC systems when using certificate-based authentication with a Certificate Authority (CA) that generates Version 2 Certificate Revocation Lists (CRLs), such a Microsoft CA. The audit log will show messages that include the following text: ERROR...crypto_validate_and_insert_certificate, Error processing CERT payload, and Phase 1 MM processing failed.
PAGE 9
Known Problems and Limitations This section provides a list of known problems and limitations as known to HP at time of publication. If workarounds are available, they are described.
PAGE 10
CN=MyHost,C=US,O=HP), if doing so provides sufficient information to identify the remote system. Alternatively, you can authenticate the identity of the remote system using another ID type, such as IPv4 address (IPV4).
PAGE 11
Compatibility and Installation Requirements This section describes the compatibility information and installation requirements for this release. For specific installation instructions, refer to HP-UX IPSec version A.02.01 Administrator's Guide (J4256–90016). Operating System and Version Compatibility HP-UX IPSec A.02.01.01 is supported on HP-UX 11i v3 (B.11.31). HP-UX IPSec A.02.01.01 is also supported on HP-UX 11i v2 Update 2 (B.11.23) and HP-UX 11i v1 (B.11.11). For more information about HP-UX IPSec A.
PAGE 12
Migrating to HP-UX IPSec A.02.01.01 The following sections list migration procedures for migrating from HP-UX IPSec version A.01.05 or later on an HP-UX 11i or HP-UX 11i v2 system. Contact your HP representative if you are migrating from HP-UX IPSec version A.01.01, A.01.02, A.01.03, or A.01.04, or if you are upgrading from an HP-UX 11.0 system. Migrating from Version A.02.01 Use the following procedure to migrate to HP-UX IPSec A.02.01.01 from version A.02.01. 1. 2. 3.
PAGE 13
Migrating from Version A.01.05 Use the following procedure to migrate to HP-UX IPSec A.02.01.01 from version A.01.05. 1. 2. 3. 4. 5. 6. 7. Stop HP-UX IPSec by entering the ipsec_admin -stop command. If you do not want to re-use IPSec configuration data, complete the procedure described in “Migrating Without Re-using Configuration Data” (page 14). Install HP-UX IPSec version A.01.07 or A.01.07.02.
PAGE 14
Migration Tasks This section describes the following migration tasks: • • • • “Migrating Without Re-using Configuration Data” “Using ipsec_migrate” “Modifying the Baltimore CRL Retrieval Method” “Modifying the VeriSign CRL Retrieval Method” These tasks are used in the migration procedures listed in “Migrating to HP-UX IPSec A.02.01.01” (page 12).
PAGE 15
The ipsec_migrate utility saves updated files in the appropriate locations (/var/adm/ipsec/config.db and /var/adm/ipsec/cainfo.txt). For more information, refer to the ipsec_migrate(1M) man page. 2. Examine the contents of the configuration database using the following command: ipsec_config show all 3. 4. Modify the configuration database, if necessary, using the ipsec_config delete and ipsec_config add commands. Refer to the ipsec_config(1M) man page for more information.
PAGE 16
Related Information The latest documentation for HP-UX IPSec is available in English at http://www.docs.hp.com. Available documents include: • • • • HP-UX IPSec version A.02.01 Administrator's Guide (J4256–90016) HP-UX IPSec version A.02.01 Manpages (PDF and HTML) HP-UX IPSec Performance and Sizing Whitepaper Using OpenSSL Certificates with HP-UX IPSec A.02.01 Software Availability in Native Languages The HP-UX IPSec product is available only in the English language.