HP-UX IPSec version A.02.01 Administrator's Guide

Using Certificates with HP-UX IPSec
Example
This example shows the sequence of commands used to configure
certificates for HP-UX IPSec on the system hostA. In addition, the
administrator must complete the configuration tasks described in
Chapter 4, “Configuring HP-UX IPSec,” on page 89, such as configuring
IPSec and IKE policies.
1. Create a CSR:
ipsec_config add csr \
-subject "cn=hostA,c=US,o=HP,ou=Blue Lab" \
-alt-ipv4 15.1.1.1
HP-UX IPSec creates a CSR in PKCS#10 format, PEM encoded, and
stores it in /var/adm/ipsec/ipsec.csr.
2. Submit the contents of the /var/adm/ipsec/ipsec.csr file to the
CA. The submission method varies from vendor to vendor.
3. Receive from the CA a base64 file with a certificate for the local
system (/tmp/hostA.pem) and a base64 file with a certificate for the
CA (/tmp/cacert.pem). Add the certificates to the HP-UX
storage scheme:
ipsec_config add cert -mycert /tmp/hostA.pem \
-cacert /tmp/cacert.pem
4. Configure authentication records, if needed. In this example, the
remote system pc99 sends and expects the Subject
DistinguishedName as the IKE ID. The corresponding
authentication record is as follows:
ipsec_config add auth pc99 -remote 10.99.99.99 \
-ltype X500-DN -lid CN=hostA,C=US,O=HP,OU=Lab \
-rtype X500-DN -rid CN=pc99,C=us,O=myco
5. Create or receive a CRL from the CA in DER format. Add the CRL to
the HP-UX storage scheme. In this example, the CRL is stored on the
LDAP server with address 10.40.40.40:
ipsec_config add crl -ldap 10.40.40.40 \
-base C=US,O=HP,OU=Lab -filter "CN=The Big CA"
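
The following checks are an added example, not part of the HP guide. They inspect the files from steps 1, 3 and 5 with the OpenSSL command-line tool before the files are passed to ipsec_config, and print the certificate's Subject DN for comparison with the -lid value in step 4. The function names are illustrative, and an installed openssl binary (1.1.0 or later) is assumed.

```sh
#!/bin/sh
# Added example (not from the HP guide): checks on the files from steps 1, 3
# and 5 before they are imported. Assumes the OpenSSL CLI is available.

# Step 1: the CSR parses as PKCS#10 and its self-signature verifies.
check_csr() {            # $1 = PEM CSR
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Step 3: the issued certificate carries the public key from the CSR.
cert_matches_csr() {     # $1 = PEM certificate, $2 = PEM CSR
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Step 3: the certificate verifies against the CA certificate sent with it
# (-no-CApath keeps the system trust directory out of the decision).
cert_chains_to_ca() {    # $1 = PEM certificate, $2 = PEM CA certificate
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Step 4: print the Subject DN in encoded order, for comparison with -lid.
cert_subject() {         # $1 = PEM certificate
    openssl x509 -in "$1" -noout -subject -nameopt sep_comma_plus |
        sed 's/^subject= *//'
}

# Step 5: the CRL is read as DER and its signature verifies under the CA.
crl_signed_by_ca() {     # $1 = DER CRL, $2 = PEM CA certificate
    openssl crl -inform DER -in "$1" -CAfile "$2" -noout 2>&1 |
        grep -q 'verify OK'
}

# Run all checks; the caller supplies the file paths.
preflight() {            # $1 = CSR, $2 = cert, $3 = CA cert, $4 = DER CRL
    check_csr "$1"              || { echo "CSR self-signature invalid"; return 1; }
    cert_matches_csr "$2" "$1"  || { echo "certificate key differs from CSR"; return 1; }
    cert_chains_to_ca "$2" "$3" || { echo "certificate not issued by this CA"; return 1; }
    crl_signed_by_ca "$4" "$3"  || { echo "CRL not signed by this CA"; return 1; }
    echo "subject for -lid: $(cert_subject "$2")"
}
```

With the file names used above, the call would be: preflight /var/adm/ipsec/ipsec.csr /tmp/hostA.pem /tmp/cacert.pem followed by the path of a local DER copy of the CRL.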