Manualshelf

HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
151152153154155156157158159160
Using Certificates with HP-UX IPSec
Requirements
Chapter 5156
Requirements
To use security certificates with HP-UX IPSec, your topology must meet
the following requirements:
All security certificates must be administered using a PKI product
from the same vendor. When you configure HP-UX IPSec, you must
configure only one PKI vendor for all security certificate operations.
The PKI must support the following certificate file formats and
access methods:
Certificate Signing Requests: The CA must support Certificate
Signing Requests (CSRs) in Public Key Cryptography Standards
(PKCS) Certification Request Syntax #10 format (commonly
referred to as PKCS#10) and encoded using Privacy-Enhanced
Mail (PEM) base64 encoding. This CSR format is typically used
for “copy and pastecertificate requests.
Certificates: The CA must provide X.509 Version 3 certificates
encoded using base64 encoding (sometimes referred to as base64
PEM format).
Certificate Revocation Lists: The CA must provide X.509 Version
1 or X.509 Version 2 Certificate Revocation Lists formatted using
Distinguished Encoding Rules (DER).
Implementations that meet these requirements include:
•OpenSSL
•VeriSign OnSite Managed PKI