HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
When used to retrieve the CRL from an LDAP directory, the ipsec_config add crl command also saves the LDAP directory parameters in the file /var/adm/ipsec/cainfo.txt, which is used by the CRL cron script file, /var/adm/ipsec/ipsec_gui/cron/crl.cron.

The ipsec_config add crl command is one of three ipsec_config commands for using certificates with HP-UX IPSec; the other commands are ipsec_config add cert and ipsec_config add csr.

Options and Operands

The ipsec_config add crl command recognizes the following options and operands:

-file crl_filename
Specifies the local file from which ipsec_config will retrieve the CRL. The file must contain a CRL in ASN.1 DER format.

-ldap server_addr
Specifies the IP address of the LDAP server where the CRL is stored. The CRL must be stored in ASN.1 DER format.
Default: None.

-port port_number
Specifies the TCP port number for the LDAP server.
Range: 1 - 65535.
Default: 389, the IANA registered port number for LDAP.

-base search_base
Search base for the CRL, in X.500 Distinguished Name (DN) format, such as C=US,O=HP,OU=Div. The search_base with the filter appended to it forms a search path to the location of the certificationAuthority object in the LDAP directory. The CRL is an attribute of the certificationAuthority object. The search_base and filter must not overlap. For example, the value O=HP can be part of the search_base or the filter, but not both.
The maximum length of the search_base is 272 characters. If there are spaces in the DN, you must enclose the DN in double quotes (" "). For example, "C=US,O=Some Corp,OU=blue".
Default: None. The search_base and the filter are both optional, but you must specify at least one of these arguments.

-filter filter
Search filter for the CRL, in X.500 Distinguished Name (DN) format, such as CN=CA.
The maximum length of the search_base is 272 characters. If there are spaces in the DN, you must enclose the DN in double quotes (" "). For example, "CN=My CA".
Default: None. The search_base and the filter are both optional, but you must specify at least one of these arguments.

Examples

Load the CRL saved in the file /tmp/crl.der.

    ipsec_config add crl -file /tmp/crl.der

Load the CRL from the LDAP server 192.6.2.1, at path CN=My PKI,C=US,O=HP.

    ipsec_config add crl -ldap 192.6.2.1 \
        -base C=US,O=HP -filter "CN=My PKI"
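
Added example (not part of the HP manpage or of HP-UX IPSec): a POSIX shell pre-flight check that applies the -base, -filter and -port rules described above before ipsec_config add crl -ldap is run. The function names rdns and check_crl_ldap_args are hypothetical, and comparing DN components case-insensitively is an assumption.

```sh
#!/bin/sh
# Added example: pre-flight check for "ipsec_config add crl -ldap ...".
# Function names are hypothetical; the rules are the ones stated on this page.
MAX_DN_LEN=272   # the page states this limit under both -base and -filter

# rdns DN: print one normalized component per line (trimmed, upper-cased;
# case-insensitive comparison is an assumption of this example).
rdns() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/[[:space:]]*=[[:space:]]*/=/' -e '/^$/d' |
        tr '[:lower:]' '[:upper:]'
}

# check_crl_ldap_args BASE FILTER [PORT]
# On success prints the resulting search path (filter, then search_base)
# and returns 0; otherwise prints the reason on stderr and returns 1.
check_crl_ldap_args() {
    base=$1; filter=$2; port=${3:-389}
    if [ -z "$base" ] && [ -z "$filter" ]; then
        echo "specify at least one of -base and -filter" >&2; return 1
    fi
    if [ "${#base}" -gt "$MAX_DN_LEN" ] || [ "${#filter}" -gt "$MAX_DN_LEN" ]; then
        echo "DN longer than $MAX_DN_LEN characters" >&2; return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "port is not a number: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port outside 1-65535: $port" >&2; return 1
    fi
    # search_base and filter must not overlap: no component may be in both.
    overlap=$(rdns "$filter" | while IFS= read -r r; do
        if rdns "$base" | grep -Fxq -e "$r"; then printf '%s ' "$r"; fi
    done)
    if [ -n "$overlap" ]; then
        echo "in both -base and -filter: $overlap" >&2; return 1
    fi
    if [ -n "$base" ] && [ -n "$filter" ]; then
        printf '%s,%s\n' "$filter" "$base"
    else
        printf '%s\n' "$base$filter"
    fi
}

# The LDAP example from this page: prints CN=My PKI,C=US,O=HP
check_crl_ldap_args "C=US,O=HP" "CN=My PKI" 389
```

A non-zero return means the arguments break one of the stated rules; the message on stderr names which one.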

IPSEC_CONFIG ADD CSR COMMAND

Name

add_csr - create a Certificate Signing Request (CSR) for the local system

Synopsis

    ipsec_config add csr -subj[ect_name] subject_name
        [-alt-ipv4 ipv4_addr] [-alt-ipv6 ipv6_addr]
        [-alt-fqdn fqdn] [-alt-user-fqdn user_fqdn]
        [-days number_days] [-key-length|klen number_bits]
HP-UX IPSec A.02.01 8 Hewlett-Packard Company 15