Manualshelf

HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
131132133134135136137138139140
Using Certificates with HP-UX IPSec
Using Baltimore Certificates
Chapter 4 129
10. Choose PKCS#12 encoded certificate as the format in which to
save the certificate.
11. Save the certificate to the same file you saved the request with the
secret key.
The message Do you want to replace this file will appear.
Select Yes. The file is not replaced; the new information is appended
to the original file.
The PKCS#12 file is encrypted and contains key information used by the
HP-UX IPSec IKE daemon to register with the Baltimore PKI and
perform certificate operations.
NOTE Once the PKCS#12 file is complete, you must transfer it from its saved
location to the IPSec host that will use the certificate. When you save the
file to the new location on the IPSec host, be sure to note the full path to
the file. This path is necessary to import the certificate into IPSec.
Step 3: Configuring the Baltimore Certificate
Prior to entering information into the Baltimore certificate screens, you
must have received a PKCS#12 file from the Baltimore Certificate
Authority, that includes the CA Certificate, User Private Key, and User
Certificate information. In addition, you must have the passphrase used
to protect the PKCS#12 file from the Baltimore Administrator. For
instructions on obtaining a PKCS#12 file, see “Step 1: Verifying
Prerequisites” on page 126.
1. Start ipsec_mgr, the IPSec Manager configuration GUI. Enter the
following command from the HP-UX prompt:
ipsec_mgr
Do not run ipsec_mgr as a background process. The ipsec_mgr
prompts for the HP-UX IPSec password before starting the GUI.
If no password has been set, you must create one using the
ipsec_admin -newpasswd command. See Chapter 2, “Step 3: Setting
the HP-UX IPSec Password” on page 55 for instructions.