Manualshelf

HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
141142143144145146147148149150
Using Certificates with HP-UX IPSec
Retrieving the Certificate Revocation List (CRL)
Chapter 4142
Retrieving the Certificate Revocation List
(CRL)
If you are using VeriSign or Baltimore certificates, you must add an
entry to the root user’s crontab file, located in
/var/spool/cron/crontabs/root to periodically retrieve the
Certificate Revocation List (CRL) from the VeriSign or Baltimore
Certificate Authority. Alternately, you can manually retrieve the CRL
using ipsec_mgr.
VeriSign
Add the following two lines to the root user’s crontab file.
# Retrieve the CRL from the Certificate Authority (for HP-UX
IPSec)
[min] [hr] [mon_day] [month] [wkday]
/var/adm/ipsec_gui/cron/crl.cron
The fields in brackets are placeholders. Replace them with appropriate
values when you enter the lines into the crontab file.
For example, to retrieve the CRL every hour on the hour, add the
following two lines to the crontab file:
# Retrieve the CRL from the Certificate Authority (for HP-UX
IPSec)
0 * * * * /var/adm/ipsec_gui/cron/crl.cron
Execute the crontab command to submit the root crontab file:
crontab /var/spool/cron/crontabs/root
For more information regarding cron jobs and the crontab file format,
refer to the cron(1M) and crontab(1) manpages.
Baltimore
Add the following two lines to the root user’s crontab file.
# Retrieve the CRL from the Certificate Authority (for HP-UX
IPSec)