HP-UX IPSec version A.02.00 Administrator's Guide
Using Certificates with HP-UX IPSec
Using VeriSign Certificates
Chapter 4, page 120
Step 4. Request and retrieve a VeriSign certificate. You must do this on each
HP-UX IPSec system using VeriSign certificates.
Step 5. Configure authentication records with IKE IDs. This task is described in
“Configuring Authentication Records with IKE IDs” on page 134.
Step 6. Configure your system to automatically retrieve the Certificate
Revocation List (CRL), or manually retrieve the CRL. This task is
described in “Retrieving the Certificate Revocation List (CRL)” on
page 142.
Step 1: Verifying Prerequisites
Prior to configuring the HP-UX IPSec product with VeriSign certificate
authentication, you will need to:
1. Purchase the VeriSign Managed PKI product from VeriSign
(www.verisign.com).
2. Assign a local VeriSign Managed PKI Administrator.
3. Ensure that the system used by the VeriSign Managed PKI
Administrator meets the VeriSign hardware and software
requirements listed below. For the very latest VeriSign hardware
and software requirements, check the VeriSign Managed PKI
documentation.
• Netscape or Internet Explorer browser version 4.0 or later,
enabled for secure Hypertext Transfer Protocol (S-HTTP)
• E-mail or browser application that supports the S/MIME protocol
4. Receive the security certificate for the Managed PKI
Administrator from VeriSign. Install the certificate on the system
used by the Managed PKI Administrator, as described in the
VeriSign documentation.
5. Verify that the HP-UX IPSec systems and the system used by the
VeriSign Managed PKI Administrator can exchange HTTP packets
with the VeriSign Managed PKI Control Center. Depending on your
network topology and access to external sites, this can be done with a
web proxy server or with direct access to the VeriSign Managed PKI
Control Center website.
If you will use a web proxy server, get the following information
about the proxy server: