HP-UX IPSec version A.02.00 Administrator's Guide
Using Certificates with HP-UX IPSec
Using Baltimore Certificates
Chapter 4
a. Enter the server name or IP address of the LDAP server where
the Certificate Revocation List (CRL) for the Baltimore PKI is
stored.
b. Enter the TCP port number used for connecting to the LDAP
server where the CRL is stored.
The standard port number for an LDAP server is 389.
c. Enter the search base values for the CRL for the CA. The search
base is not case sensitive.
You can obtain the search base values from your LDAP
Administrator. The search base is the suffix configured to store
all certificates and CRLs in the LDAP directory.
These values, combined with the search filter values, form the path
or part of the path to the location of the CRL on the LDAP
server. The values of the search base and the search filter may
form the certificate distinguishedName. If that is the case, the
search will be faster.
The following are examples of search base values. The syntax of
these examples is precise, including delimiting commas between
attributes and lack of other punctuation.
• ou=ipsec, o=hp, c=US
• o=hp, c=US
• c=US
d. Enter the search filter values for the CRL. The search filter is not
case sensitive.
You can obtain search filter values from your LDAP
Administrator. These values should form the second part of a
path, beginning with the search base, to the location of the CRL
on the LDAP server.
The values of the search base and the search filter may combine
to form the certificate distinguishedName (DN). If this is the
case, the search will be faster. If the search base and search filter
form the DN, they must not overlap. For example, the value
o=HP can be a part of the search base value or the search filter
value, but not both.
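The following check is an added example, not part of the HP guide or of HP-UX IPSec. It parses a search base and a search filter, compares them without regard to case, and reports any attribute=value pair that appears in both. The component grammar, the order in which the two fields are joined into a DN, and the entry name cn=crl1 are assumptions made for illustration.

```python
import re

# One component is attribute=value with no punctuation other than the
# delimiting commas (assumed grammar, modelled on the guide's examples).
COMPONENT = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*([^,=+<>#;"\\]+)$')

def parse_components(text):
    """Split 'ou=ipsec, o=hp, c=US' into normalized (attribute, value) pairs."""
    pairs = []
    for raw in text.split(","):
        match = COMPONENT.match(raw.strip())
        if match is None:
            raise ValueError(f"malformed component: {raw.strip()!r}")
        # Neither field is case sensitive, so compare in lower case.
        attr = match.group(1).lower()
        value = " ".join(match.group(2).lower().split())
        pairs.append((attr, value))
    return pairs

def check_crl_search(search_base, search_filter):
    """Return (overlap, dn): components present in both fields, and the DN
    the two fields form together (None when they overlap)."""
    base = parse_components(search_base)
    filt = parse_components(search_filter)
    overlap = [pair for pair in filt if pair in base]
    if overlap:
        return overlap, None
    # Assumed ordering: filter components (most specific) precede the base.
    dn = ", ".join(f"{attr}={value}" for attr, value in filt + base)
    return overlap, dn

if __name__ == "__main__":
    # Constructed inputs; cn=crl1 is a hypothetical CRL entry name.
    for base, filt in [("ou=ipsec, o=hp, c=US", "cn=crl1"),
                       ("o=hp, c=US", "ou=ipsec, O=HP")]:
        print(base, "|", filt, "->", check_crl_search(base, filt))
```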