HP-UX IPSec A.02.01.01 Release Notes for HP-UX 11i v3
The ipsec_migrate utility saves updated files in the appropriate locations
(/var/adm/ipsec/config.db and /var/adm/ipsec/cainfo.txt). For more
information, refer to the ipsec_migrate(1M) man page.
2. Examine the contents of the configuration database using the following command:
ipsec_config show all
3. Modify the configuration database, if necessary, using the ipsec_config delete and
ipsec_config add commands. Refer to the ipsec_config(1M) man page for more
information.
4. The ipsec_migrate utility does not configure the autoboot option. If you want HP-UX
IPSec to automatically start at system start-up time, use the following command to enable
the autoboot option:
ipsec_config add startup -autoboot on
5. Start HP-UX IPSec:
ipsec_admin -start
Migrating Certificate Files
Beginning with release A.02.01, HP-UX IPSec stores certificate files in a generic (not
vendor-specific) storage scheme. The ipsec_migrate utility performs the following tasks when
migrating to HP-UX IPSec version A.02.01.01 from versions A.01.01 - A.01.07:
• Modifies the format of the file /var/adm/ipsec/cainfo.txt and adds a version string.
• Renames the certificate file (/var/adm/ipsec/certs.txt or /var/adm/ipsec/.Bcerts)
to /var/adm/ipsec/ipsec.cert.
• Renames the key file (/var/adm/ipsec/javabeans.txt or /var/adm/ipsec/.Bsec)
to /var/adm/ipsec/ipsec.key.
Modifying the Baltimore CRL Retrieval Method
Beginning with release A.02.01, HP-UX IPSec no longer supports the cron script file
/var/adm/ipsec_gui/cron/baltimoreCRL.cron to retrieve the Certificate Revocation
List (CRL) for Baltimore certificates. If you had an entry in the root user's crontab file to execute
the baltimoreCRL.cron file, you must replace it with an entry that executes
/var/adm/ipsec_gui/cron/crl.cron and resubmit the crontab file.
Modifying the VeriSign CRL Retrieval Method
Beginning with release A.02.01, HP-UX IPSec no longer supports the VeriSign CRL automatic
retrieval method using the /var/adm/ipsec_gui/cron/crl.cron script file. (The
/var/adm/ipsec_gui/cron/crl.cron file in version A.02.01 retrieves a CRL stored in an
LDAP directory.) If you had an entry in the root user's crontab file to execute the crl.cron file,
you must delete it.
To retrieve a VeriSign CRL, you must retrieve it manually: use the VeriSign OnSite web interface
to save the CRL to a local file, and then use the following command to store the file in the
HP-UX IPSec storage scheme:
ipsec_config add crl -file crl_filename
The crl_filename is the name of the local file that contains the CRL retrieved from VeriSign.
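The two crontab changes described above (Baltimore and VeriSign) can be checked with a short script before resubmitting the crontab file. This is an added example, not part of the HP release notes: the function names and the sample crontab are constructed for illustration, and the script only reads crontab text on stdin.

```shell
#!/bin/sh
# Added example (not HP-supplied): audit crontab text for the CRL cron
# entries whose handling changes in A.02.01. Nothing is modified in place.

OLD_BALTIMORE=/var/adm/ipsec_gui/cron/baltimoreCRL.cron
CRL_CRON=/var/adm/ipsec_gui/cron/crl.cron

# Print one finding per active (non-comment, non-blank) crontab line.
#   REPLACE: runs baltimoreCRL.cron, which is no longer supported
#   REVIEW:  runs crl.cron; delete it if it was there to fetch VeriSign CRLs,
#            keep it if it retrieves a CRL from an LDAP directory
audit_crl_cron() {
    awk -v old="$OLD_BALTIMORE" -v crl="$CRL_CRON" '
        /^[ \t]*(#|$)/ { next }
        index($0, old) { print "REPLACE: " $0; next }
        index($0, crl) { print "REVIEW: " $0 }
    '
}

# Emit the crontab text with baltimoreCRL.cron entries pointed at crl.cron.
# Schedule fields and all other lines pass through unchanged.
rewrite_baltimore_entries() {
    sed "s|/var/adm/ipsec_gui/cron/baltimoreCRL\.cron|$CRL_CRON|g"
}

# Constructed sample input; on a real system use: crontab -l | audit_crl_cron
sample_crontab() {
    cat <<'EOF'
# root crontab (constructed sample)
0 2 * * * /var/adm/ipsec_gui/cron/baltimoreCRL.cron
30 2 * * * /var/adm/ipsec_gui/cron/crl.cron
15 3 * * 0 /usr/local/bin/rotate_logs
EOF
}

sample_crontab | audit_crl_cron
```

Review the output of rewrite_baltimore_entries before resubmitting it with crontab, and remove any REVIEW entry that existed only for VeriSign CRL retrieval.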