HP-UX IPSec A.03.00.01 Release Notes (HP-UX 11i Version 3)
-alt-user-fqdn johnson@myhost.acme.com
nichols@home.acme.com
Examples of the ipsec_config add csr command specifying multiple
alternative names
In the following example, the ipsec_config add csr command specifies two IPv4 addresses,
two FQDNs, and a single User-FQDN as alternative names in the specified certificate:
%ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-ipv4 192.6.2.2 -alt-ipv4 192.6.1.1 \
-alt-fqdn myhost.hp.com -alt-fqdn myhost2.hp.com \
-alt-user-fqdn roadrunner@acme.com
In the following example, the command specifies one IPv4 address, one FQDN, and two
User-FQDNs:
%ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-user-fqdn roadrunner@acme.com \
-alt-user-fqdn bunny@acme.com -alt-user-fqdn wolf@acme.com
New and changed features in A.03.00.00
The documentation reflects the following changes to the HP-UX IPSec product:
• “IKE policy changes” (page 8)
“Support for IKE version 2” (page 8)◦
◦ “IKEv1 and IKEv2 policies replace IKE policies” (page 8)
◦ “default IKEv1 and IKEv2 policies” (page 9)
◦ “The ipsec_config add ike command is deprecated” (page 9)
◦ “IKE DES encryption is obsolete” (page 9)
◦ “IKEv1 Perfect Forward Secrecy supported with keys only” (page 9)
◦ “IKE support for multiple hash, encryption, and group values” (page 9)
◦ “IKE support for Diffie-Hellman groups 5 and 14” (page 9)
◦ “IKE support for AES128-CBC encryption” (page 10)
• “Authentication record changes” (page 10)
“Authentication records are mandatory” (page 10)◦
◦ “Authentication records specify the IKE (key management protocol) version” (page 10)
◦ “Authentication records include a priority alue” (page 10)
◦ “Authentication records support the AUTOCONF flag” (page 10)
◦ “Authentication records support subtrees and address ranges for remote ID matching”
(page 10)
◦ “Hexadecimal storage for preshared key values starting with 0x” (page 11)
New and changed features in A.03.00.00 7