HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and Serviceguard
Step 8: Distributing HP-UX IPSec Configuration Files
Appendix G
After you have verified and tested the HP-UX IPSec configuration on one
node, distribute the HP-UX IPSec configuration database file,
/var/adm/ipsec/config.db, to the other nodes in the cluster.
NOTE Do not redistribute the configuration database file if HP-UX IPSec is
running. If you need to modify the configuration while HP-UX IPSec is
running on the cluster, use an ipsec_config batch file to make changes
on one system. Distribute the batch file to the other nodes in the cluster,
then run ipsec_config with the batch file on the other systems.
Certificate Configuration Files
Distribute the following certificate files if you are using RSA signatures
for IKE authentication:
/var/adm/ipsec/cainfo.txt
/var/adm/ipsec/ipsec.cert
/var/adm/ipsec/ipsec.key
If the CRL is stored in an LDAP directory and you want to automatically
retrieve the CRL periodically, you must also modify the root user’s
crontab file (/var/spool/cron/crontabs/root) on each cluster node.
Add an entry to execute the /var/adm/ipsec_gui/cron/crl.cron file.
Re-submit the crontab file.
NOTE You must redistribute the above files if you get a new certificate, or
change CRL retrieval information.
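
A per-node check for the distribution steps above, as an added example that is not part of the HP guide. It goes one step beyond the text by confirming that each node holds the same copies of the listed files as the configured node, and it adds the crl.cron entry to a crontab copy only once. The function names, the manifest format and the 02:00 schedule are assumptions.

```shell
#!/bin/sh
# Added example, not part of the HP guide. File names are the ones the guide
# lists; the manifest format and CRON_SCHEDULE are assumptions.
IPSEC_DIR=/var/adm/ipsec
IPSEC_FILES="config.db cainfo.txt ipsec.cert ipsec.key"
CRL_CRON=/var/adm/ipsec_gui/cron/crl.cron
CRON_SCHEDULE="0 2 * * *"    # assumed: daily at 02:00

# "<crc> <size>" of one file. cksum catches copy errors and drift, not tampering.
sum_of() { cksum < "$1" | awk '{print $1, $2}'; }

# Configured node: print "<crc> <size> <name>" for each listed file found in $1.
# Certificate files are skipped when absent (they exist only with RSA signatures).
make_manifest() {
    dir=$1
    for f in $IPSEC_FILES; do
        [ -f "$dir/$f" ] || continue
        echo "$(sum_of "$dir/$f") $f"
    done
}

# Other nodes: compare the copies in directory $2 against manifest file $1.
# Names every missing or differing file and returns non-zero if there is one.
verify_manifest() {
    manifest=$1 dir=$2 rc=0
    while read -r crc size name; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1
        elif [ "$(sum_of "$dir/$name")" != "$crc $size" ]; then
            echo "DIFFERS  $name"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Append the CRL retrieval entry to crontab copy $1 unless it is already there.
ensure_crl_cron() {
    grep "$CRL_CRON" "$1" >/dev/null 2>&1 && return 0
    echo "$CRON_SCHEDULE $CRL_CRON" >> "$1"
}

# Typical use, as root:
#   configured node:  make_manifest "$IPSEC_DIR" > ipsec.manifest
#   each other node:  verify_manifest ipsec.manifest "$IPSEC_DIR"
#                     crontab -l > root.cron; ensure_crl_cron root.cron
#                     crontab root.cron
```

Copy the manifest to the other nodes together with the files it describes.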