HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec and MC/ServiceGuard
Step 5: Configuring Authentication Records for Certificates
Chapter 8 261
This section describes configuration requirements for authentication
records if you are using security certificates (RSA signatures) for IKE
authentication. If you are not using security certificates for IKE
authentication, go to “Step 6: Verifying and Testing the HP-UX IPSec
Configuration” on page 265.
All nodes in an MC/ServiceGuard cluster share the same certificate and
IKE ID configuration. Import or retrieve a certificate and configure IKE
ID information on one node in the cluster, then transfer the certificate
files to the other nodes in the cluster.
Certificates
On one cluster node, obtain and install one certificate for the cluster, as
described in Chapter 4, “Using Certificates with HP-UX IPSec,” on
page 113. All nodes in the cluster will use this certificate. You will
distribute copies of the certificate files to the other nodes in the cluster in
“Step 8: Distributing HP-UX IPSec Configuration Files” on page 267.
On each cluster client, obtain and install a certificate for the client.
Authentication Records and IKE ID Information
MC/ServiceGuard systems are multihomed—each node has at least one
stationary address, and can be assigned a relocatable or package address
at any time. You must configure local ID information in the
authentication record for each remote system address. This enables
HP-UX IPSec to send the correct local ID type and ID value to the remote
systems.
Use the procedure described in Chapter 4, “Configuring Authentication
Records with IKE IDs” on page 134 to configure authentication records,
with the additional requirements described in the following sections.