HP-UX IPSec version A.02.00 Administrator's Guide
Using Certificates with HP-UX IPSec
Configuring Authentication Records with IKE IDs
Chapter 4136
Determining the IPv4 Address in the SubjectAlternativeName
You can use the following procedures to determine the
SubjectAlternativeName for the local system’s certificate.
VeriSign To determine the SubjectAlternativeName for a VeriSign
certificate, select the certificate for the 127.0.0.1 address from the
ipsec_mgr Certificates screen, then click Details. The Subject box
contains the SubjectName, followed by the SubjectAlternativeName
IPv4 address. The SubjectAlternativeName is circled in Figure 4-2. The
actual node name and IPv4 address captured in the screen image were
obscured for publication.)
Figure 4-2 VeriSign SubjectAlternativeName
Baltimore The IPv4 address in the SubjectAlternativeName field is the
IPv4 address specified in the certificate request form of the Registration
Authority Operator (RAO) utility. If you did not request the certificate,
or do not remember the IPv4 address, contact the Baltimore CA
Administrator.
Syntax
You can use the following ipsec_config add auth syntax to configure
authentication records with ID information in most installations:
ipsec_config add auth
auth_name
-remote
ip_addr
[/
prefix
]
[-ltype local_id_type] [-lid local_id]
[-rtype remote_id_type] [-rid remote_id]
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec. To specify an add auth operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name: