Manualshelf

HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
271272273274275276277278279280
HP-UX IPSec and MC/ServiceGuard
Step 8: Distributing HP-UX IPSec Configuration Files
Chapter 8 267
Step 8: Distributing HP-UX IPSec
Configuration Files
After you have verified and tested the HP-UX IPSec configuration on one
node, distribute the HP-UX IPSec configuration database file,
/var/adm/ipsec/config.db, to the other nodes in the cluster.
NOTE Do not redistribute the configuration database file if HP-UX IPSec is
running. If you need to modify the configuration while HP-UX IPSec is
running on the cluster, use an ipsec_config batch file to make changes
on one system. Distribute the batch file to the other nodes in the cluster,
then run ipsec_config with the batch file on the other systems.
Baltimore Configuration Files
Distribute the following additional files if you are using Baltimore
certificates:
/var/adm/ipsec/cainfo.txt
/var/adm/ipsec/.Bcerts
/var/adm/ipsec/.Bsec
To periodically retrieve the CRL from the Baltimore CA, you must also
modify the root users crontab file (/var/spool/cron/crontabs/root)
to execute the /var/adm/ipsec_gui/baltimoreCRL.cron file.
Re-submit the crontab file.
NOTE You must redistribute the above files if you get a new Baltimore
certificate, or change information about the Baltimore CA.
VeriSign Configuration Files
Distribute the following additional files if you are using VeriSign
certificates: