HP-UX IPSec version A.02.00 Administrator's Guide
Using Certificates with HP-UX IPSec
Using Baltimore Certificates
NOTE: You do not need to install any Baltimore software on the IPSec hosts
that will use Baltimore certificates.
2. Set up the PKI structure on the Baltimore CA host. The PKI
structure is a part of the Certificate Authority Operator (CAO)
component.
3. Enable LDAP.
4. From the PKI view, right-click the icon for your CA. Select
Attributes. Click the "Certificate CRL and Directory Options"
tab. Verify that the "IDP Extension on CRLs/ARLs is critical"
option is selected.
NOTE: HP-UX IPSec does not support the use of Certificate Distribution
Points (CDPs) with Baltimore certificates.
5. Set up a policy or policies in the UniCERT CAO component for use
when requesting certificates for IPSec hosts. The policy must
contain the following fields:
• IP address (mandatory for HP-UX IPSec systems)
• DNS (Fully Qualified Domain Name)
• Key Size: 1024
• Key Type: RSA
• Key Usage: Digital Signature
• Certificate Interval Start
• Certificate Interval End
• Common Name
• Org Unit
• Organization
• Country Code
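
One way to confirm that a certificate issued under this policy carries every field listed above, as an added example that is not part of the HP guide or of UniCERT. It assumes the certificate has been dumped with `openssl x509 -noout -text`; the sample dump, host name and address are constructed, and `missing_policy_fields` is a hypothetical helper name.

```python
import re

# Constructed sample: `openssl x509 -noout -text` output for a hypothetical host.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Jan  1 00:00:00 2005 GMT
        Subject: C=US, O=Example Org, OU=Lab, CN=host1.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Subject Alternative Name:
                IP Address:192.0.2.10, DNS:host1.example.com
"""

def _ext_value(text, name):
    """Return the line following an 'X509v3 <name>:' header, or ''."""
    m = re.search(r"X509v3 %s:[^\n]*\n\s*([^\n]*)" % re.escape(name), text)
    return m.group(1) if m else ""

def missing_policy_fields(text):
    """List the policy fields from the page that the certificate dump lacks."""
    subject = re.search(r"Subject:\s*(.*)", text)
    rdns = dict(re.findall(r"(\w+)\s*=\s*([^,/\n]+)", subject.group(1))) if subject else {}
    san = _ext_value(text, "Subject Alternative Name")
    bits = re.search(r"Public[- ]Key: \((\d+) bit\)", text)
    checks = {
        "IP address": "IP Address:" in san,
        "DNS": "DNS:" in san,
        "Key Size: 1024": bool(bits) and bits.group(1) == "1024",
        "Key Type: RSA": "Public Key Algorithm: rsaEncryption" in text,
        "Key Usage: Digital Signature": "Digital Signature" in _ext_value(text, "Key Usage"),
        "Certificate Interval Start": "Not Before:" in text,
        "Certificate Interval End": bool(re.search(r"Not After\s*:", text)),
        "Common Name": "CN" in rdns,
        "Org Unit": "OU" in rdns,
        "Organization": "O" in rdns,
        "Country Code": "C" in rdns,
    }
    return [field for field, ok in checks.items() if not ok]

if __name__ == "__main__":
    print(missing_policy_fields(SAMPLE_CERT_TEXT) or "all policy fields present")
```

An empty result means the dump contains every field the policy requires; the IP address entry is the one the page marks as mandatory for HP-UX IPSec systems.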