HP-UX IPSec version A.02.01 Administrator's Guide
Using Certificates with HP-UX IPSec
Step 1: Creating a Certificate Signing Request
Chapter 5
Use the ipsec_config add csr command to create a Certificate Signing
Request (CSR) for the local system.
The ipsec_config add csr command performs the following tasks:
• Generates a public/private key pair for the local system. It encrypts
the private key and stores it in the file /var/adm/ipsec/ipsec.key.
• Creates an unsigned certificate for the local system using the public
key.
• Creates a PKCS#10 Certificate Signing Request, PEM formatted,
and stores it in the file /var/adm/ipsec/ipsec.csr.
ipsec_config add csr Syntax
The add csr functionality is not supported in ipsec_config batch files.
Use the following ipsec_config add csr syntax to create a certificate
request:
ipsec_config add csr -subject subject_name
    [-alt-ipv4 ipv4_addr] [-alt-ipv6 ipv6_addr]
    [-alt-fqdn fqdn] [-alt-user-fqdn user_fqdn]
    [-key_length number_bits] [-days number_days]
-subject subject_name
The value you want in the subjectName field for the certificate in X.500
Distinguished Name (DN) format. The DN consists of at least one of the
following attributes:
CN=commonName
C=country
O=organization
OU=organizationalUnit
The attributes are all optional, but you must specify at least one.
Separate multiple attributes using commas. The order of the attributes
is ignored and the DN is not case sensitive.
If there are spaces in the DN, you must enclose the DN in double quotes
(""). For example, "CN=host1,C=US,O=My Company,OU=Blue Lab".
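The DN rules above can be checked before ipsec_config is run. The following sh functions are an added example, not part of the HP guide or the product; check_subject_dn and csr_command are hypothetical names, and the check assumes that only the four attributes listed above are accepted and that no spaces surround the commas.

```shell
#!/bin/sh
# Added example, not from the HP guide. Function names are hypothetical.
# Assumption: only CN, C, O and OU are accepted, with no spaces around commas.

# check_subject_dn DN: return 0 if DN follows the -subject rules above.
check_subject_dn() {
    dn=$1
    case $dn in
        ''|,*|*,|*,,*)
            echo "subject: empty DN or empty attribute" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -f; set -- $dn; set +f      # split on commas, globbing disabled
    IFS=$old_ifs
    for rdn in "$@"; do
        case $rdn in
            *=*) ;;
            *) echo "subject: '$rdn' is not attribute=value" >&2; return 1 ;;
        esac
        # Attribute names are not case sensitive, so compare in upper case.
        name=$(printf '%s' "${rdn%%=*}" | tr '[:lower:]' '[:upper:]')
        value=${rdn#*=}
        case $name in
            CN|C|O|OU) ;;
            *) echo "subject: unsupported attribute '$name'" >&2; return 1 ;;
        esac
        [ -n "$value" ] || { echo "subject: $name has no value" >&2; return 1; }
    done
    return 0
}

# csr_command DN: print the command line to run, with the DN in double
# quotes so that spaces survive. Refuse characters the shell would still
# expand inside double quotes, so the printed line is safe to paste.
csr_command() {
    check_subject_dn "$1" || return 1
    case $1 in
        *\"*|*\$*|*\`*|*\\*)
            echo "subject: shell metacharacter in DN" >&2; return 1 ;;
    esac
    printf 'ipsec_config add csr -subject "%s"\n' "$1"
}

# Constructed sample input: the DN from the example above.
csr_command 'CN=host1,C=US,O=My Company,OU=Blue Lab'
```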