HP-UX IPSec version A.02.01 Administrator's Guide
Migrating from Previous Versions of HP-UX IPSec
Post-Installation Migration Instructions
Appendix C 255
Step 2. Examine the contents of the configuration database using the following
command:
ipsec_config show all
Step 3. Modify the configuration database, if necessary, using the ipsec_config
delete and ipsec_config add commands. Refer to the ipsec_config
(1M) man page for more information.
Step 4. The ipsec_migrate utility does not configure the autoboot option. If you
want HP-UX IPSec to automatically start at system start-up time, use
the following command to enable the autoboot option:
ipsec_config add startup -autoboot on
Step 5. Start HP-UX IPSec:
ipsec_admin -start
Certificate Files
Beginning with release A.02.01, HP-UX IPSec stores certificate files in a
generic (not vendor-specific) storage scheme. The ipsec_migrate utility
performs the following tasks when migrating to HP-UX IPSec version
A.02.01 from previous versions:
• Modifies the format of the file /var/adm/ipsec/cainfo.txt and
adds a version string.
• Renames the certificate file (/var/adm/ipsec/certs.txt or
/var/adm/ipsec/.Bcerts) /var/adm/ipsec/ipsec.cert.
• Renames the key file (/var/adm/ipsec/javabeans.txt or
/var/adm/ipsec/.Bsec) /var/adm/ipsec/ipsec.key.
Retrieving a Baltimore Certificate Revocation List
Beginning with release A.02.01, HP-UX IPSec no longer supports the
cron script file /var/adm/ipsec_gui/cron/baltimoreCRL.cron to
retrieve the Certificate Revocation List (CRL) for Baltimore certificates.
If you had an entry in the root user’s crontab file to execute the
baltimoreCRL.cron file, you must replace it with an entry that executes
/var/adm/ipsec_gui/cron/crl.cron and resubmit the crontab file.