HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v3

Migration Tasks
This section describes the following migration tasks:
“Migrating Without Re-using Configuration Data”
“Using ipsec_migrate”
“Modifying the Baltimore CRL Retrieval Method”
“Modifying the VeriSign CRL Retrieval Method”
These tasks are used in the migration procedures listed in “Migrating to HP-UX IPSec A.02.01.01”
(page 12).
Migrating Without Re-using Configuration Data
If you do not want to re-use existing configuration files, use the swremove utility to remove the
existing version of HP-UX IPSec, then install the newer version of HP-UX IPSec.
If you had a certificate issued for the system, contact your PKI administrator and have the original
certificate for the system revoked.
You must re-establish the HP-UX IPSec password using the command
ipsec_admin -newpasswd.
Using ipsec_migrate
The ipsec_migrate utility migrates HP-UX IPSec policy and certificate configuration files to
be compatible with the current HP-UX IPSec version.
Migrating Policy Files
Beginning with version A.02.00, HP-UX IPSec stores configuration data in a configuration database
instead of a policy file. To migrate a policy configuration file from an earlier version of HP-UX
IPSec to a configuration database, use the following procedure.
1. Run the ipsec_migrate utility after you have installed HP-UX IPSec A.02.01.01. For
example:
/usr/sbin/ipsec_migrate [-p policy_file]
Where:
policy_file is the optional name of the input policy file to migrate, such as
/var/adm/policies.txt. Use this option when migrating a policy file from an HP-UX
IPSec version prior to A.02.00. The ipsec_migrate utility will convert the policy file to a
configuration database file and save it in /var/adm/ipsec/config.db.
If you are migrating from HP-UX IPSec version A.02.00 or A.02.00.01, the ipsec_migrate
utility checks the /var/adm/ipsec/config.db and /var/adm/ipsec/cainfo.txt
files and updates them if needed. Before updating a file, ipsec_migrate creates a backup
copy and saves it in the file /var/adm/ipsec/backup/config.db.timestamp or
/var/adm/ipsec/backup/cainfo.txt.timestamp, as applicable. The timestamp is
in the format dd-mm-yy-hh-mn-ss, where:
dd is the day
mm is the month
yy are the last two digits of the year
hh is the hour
mn is the number of minutes
ss is the number of seconds
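Added example (not part of the HP release notes): because the backup suffix starts with the day, an alphabetical listing of the backup directory is not in chronological order. The function below re-keys each name as yymmddhhmnss to pick the most recent backup before comparing or restoring it. The function name and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Print the most recent ipsec_migrate backup among the file names on stdin.
# Assumes each name ends in ".dd-mm-yy-hh-mn-ss" as described above.
newest_backup() {
    while IFS= read -r path; do
        ts=${path##*.}                    # suffix after the last dot
        # Ignore names whose suffix is not six two-digit fields.
        case $ts in
            [0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) continue ;;
        esac
        # Split on "-" into $1..$6 = dd mm yy hh mn ss.
        oldifs=$IFS; IFS=-; set -- $ts; IFS=$oldifs
        # Emit a yymmddhhmnss key so a plain sort is chronological.
        printf '%s%s%s%s%s%s %s\n' "$3" "$2" "$1" "$4" "$5" "$6" "$path"
    done | LC_ALL=C sort | tail -n 1 | cut -d' ' -f2-
}

# Constructed sample names (not taken from a real system).
printf '%s\n' \
    /var/adm/ipsec/backup/config.db.31-01-08-10-00-00 \
    /var/adm/ipsec/backup/config.db.02-03-08-09-15-30 \
    /var/adm/ipsec/backup/config.db.15-12-07-23-59-59 |
    newest_backup
```

On a migrated system the input would be the output of ls /var/adm/ipsec/backup/config.db.* (or cainfo.txt.*). The two-digit year means the ordering holds only within one century.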