HP-UX IPSec version A.02.01 Administrator's Guide
Using Certificates with HP-UX IPSec
Step 1: Creating a Certificate Signing Request
Chapter 5 159
The values are defined as follows:
commonName
: The commonName of the DN in printable string format.
Commas are not accepted as part of this value. The size of this value
must not exceed 64 bytes.
country
: The two-character ISO 3166-1 code for the country listed in the
DN, for example US for United States of America. Commas are not
accepted as part of this value.
organization
: The organization of the DN, for example
Hewlett-Packard. Commas are not accepted as part of this value. The
size of this value must not exceed 64 bytes.
organizationalUnit
: The organizationalUnit for the DN, for example
Marketing. Commas are not accepted as part of this value. The size of
this value must not exceed 64 bytes.
Default: None.
-alt-ipv4
ipv4_addr
The IPv4 address you want in the subjectAlternativeName field for the
certificate, entered in dotted-decimal notation.
TIP HP recommends that you specify the -alt-ipv4 argument (or -alt-ipv6,
if the system uses IPv6 addresses) for most topologies. HP-UX IPSec
uses IP addresses for IKE IDs by default, so if you specify -alt-ipv4 (or
-alt-ipv6) and the system is not multihomed, you will not have to
configure an authentication record for this system on the local system,
and you will not have to configure an authentication record for this
system on remote systems.
The exception to the above recommendation is topologies where you are
using IKE with RSA signatures for Mobile IPv6. RFC 3775 specifies that
you must not use IPv6 addresses as IKE IDs when using IKE with
Mobile IPv6.
-alt-ipv6
ipv6_addr
The IPv6 address you want in the subjectAlternativeName field for the
certificate, entered in colon-hexadecimal notation.