HP-UX IPSec version A.02.01 Administrator's Guide

Appendix G: HP-UX IPSec and Serviceguard

Step 5: Configuring Authentication Records for Certificates
This section describes configuration requirements for authentication
records if you are using security certificates (RSA signatures) for IKE
authentication. If you are not using security certificates for IKE
authentication, go to “Step 6: Verifying and Testing the HP-UX IPSec
Configuration” on page 354.
All nodes in a Serviceguard cluster share the same certificate and IKE
ID configuration. Import or retrieve a certificate and configure IKE ID
information on one node in the cluster, then transfer the certificate files
to the other nodes in the cluster.
Certificates
On one cluster node, obtain and install one certificate for the cluster, as
described in Chapter 5, “Using Certificates with HP-UX IPSec,” on
page 151. All nodes in the cluster will use this certificate. You will
distribute copies of the certificate files to the other nodes in the cluster in
“Step 8: Distributing HP-UX IPSec Configuration Files” on page 356.
On each cluster client, obtain and install a certificate for the client.
Authentication Records and IKE ID Information
Serviceguard systems are multihomed—each node has at least one
stationary address, and can be assigned a relocatable or package address
at any time. You must configure local ID information in the
authentication record for each remote system address. This enables
HP-UX IPSec to send the correct local ID type and ID value to the remote
systems.
Use the procedure described in Chapter 5, “Step 4: Configuring
Authentication Records with IKE IDs” on page 163 to configure
authentication records, with the additional requirements described in
the following sections.