HP-UX IPSec version A.02.01 Administrator's Guide
3
— ipsec_config add crl: Adds a Certificate Revocation List
to the HP-UX IPSec storage scheme. The source can be a
local file or an entry in a Lightweight Directory Access
Protocol (LDAP) directory.
— ipsec_config delete certificate: Deletes the certificate
for the local system and the CA’s certificate from the HP-UX
IPSec storage scheme.
— ipsec_config show certificate: Displays the contents of
the certificate for the local system. This command also
displays LDAP directory information for the CRL, if
configured.
Refer to the ipsec_config_add (1M) manpage for more
information.
—The format of the /var/adm/ipsec/cainfo.txt file is changed.
—The /var/adm/ipsec/.Bsec and
/var/adm/ipsec_gui/javabeans.txt files are no longer
supported. Certificate key data is now stored in the file
/var/adm/ipsec/ipsec.key.
—The /var/adm/ipsec/.Bcerts and
/var/adm/ipsec/certs.txt files are no longer supported.
Certificates are now stored in the file
/var/adm/ipsec/ipsec.certs.
— HP-UX IPSec no longer supports the cron script file
/var/adm/ipsec_gui/cron/baltimoreCRL.cron to retrieve the
Certificate Revocation List (CRL) for Baltimore certificates. If
you have an entry in the root user’s crontab file to execute the
baltimoreCRL.cron file, you must replace it with an entry that
executes /var/adm/ipsec_gui/cron/crl.cron and resubmit the
crontab file.
— HP-UX IPSec no longer supports the proprietary method for
retrieving VeriSign CRLs. The contents of the
/var/adm/ipsec_gui/cron/crl.cron script file have changed.
The new crl.cron file can be used only to retrieve a CRL from
an LDAP directory, and reads information from the
/var/adm/cainfo.txt file.
• Configuration file templates: HP-UX IPSec now provides
ipsec_config batch file templates in the directory
/var/adm/ipsec/templates.