Manualshelf

HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
78910111213141516
Compatibility and Installation Requirements
This section describes the compatibility information and installation requirements for this release.
For specific installation instructions, refer to HP-UX IPSec version A.02.01 Administrator's Guide
(J4256–90016).
Operating System and Version Compatibility
HP-UX IPSec A.02.01.01 is supported on HP-UX 11i v3 (B.11.31). HP-UX IPSec A.02.01.01 is also
supported on HP-UX 11i v2 Update 2 (B.11.23) and HP-UX 11i v1 (B.11.11). For more information
about HP-UX IPSec A.02.01.01 on HP-UX 11i v2 Update 2 and HP-UX 11i v1, refer to HP-UX
IPSec version A.02.01.01 Release Notes, HP-UX 11i version 1 and HP-UX 11i version 2 Update 2
(J4256–90024).
Security Certificate Requirements
To use security certificates with HP-UX IPSec, your topology must meet the following
requirements:
All security certificates must be administered using a Public Key Infrastructure (PKI) product
from the same vendor. When you configure HP-UX IPSec, you must configure only one PKI
vendor for all security certificate operations.
The PKI must support the following certificate file formats and access methods:
— Certificate Signing Requests: The CA must support Certificate Signing Requests (CSRs)
in Public Key Cryptography Standards (PKCS) Certification Request Syntax #10 format
(commonly referred to as PKCS#10) and encoded using Privacy-Enhanced Mail (PEM)
base64 encoding. This CSR format is typically used for "copy and paste" certificate
requests.
— Certificates: The CA must provide X.509 Version 3 certificates encoded using base64
encoding (sometimes referred to as base64 PEM format).
— Certificate Revocation Lists: The CA must provide X.509 Version 1 or X.509 Version 2
Certificate Revocation Lists formatted using Distinguished Encoding Rules (DER).
Implementations that meet these requirements include:
OpenSSL
VeriSign OnSite Managed PKI
Software Dependency
HP-UX IPSec A.02.01.01 on HP-UX 11i version 3 requires the Java Runtime Environment (JRE).
Java Runtime Environment (JRE)
HP-UX IPSec no longer includes Java runtime components. You must now install the Java Runtime
Environment (JRE) version 1.4 or later to use the ipsec_migrate and ipsec_config add
crl commands, and the /var/adm/ipsec_gui/cron/crl.cron script file.
JRE versions 1.4.2.10 and 1.5.0.03 are included with HP-UX 11i version 3 (B.11.31) by default.
HP-UX IPSec searches for the Java runtime components in the directory /opt/java1.4. If you
install the JRE in another directory, you must set the JAVA_HOME environment variable to the
appropriate location.
Hardware Requirements
This version of HP-UX IPSec runs on HP 9000 and HP Integrity servers.
Compatibility and Installation Requirements 11