HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg_add(1M) ipsec_conﬁg_add(1M)

(HP-UX IPSec Software Required)

Description

The ipsec_config add csr

command creates a PKCS#10 Certiﬁcate Signing Request (CSR) for the

local system. The

ipsec_config

utility generates a public/private key pair and encodes an unsigned

X.509 certiﬁcate with the public key in a PKCS#10 CSR ﬁle and encoded using Privacy-Enhanced Mail

(PEM) base64 encoding. The

ipsec_config utility saves the CSR in the ﬁle

/var/adm/ipsec/ipsec.csr

. The administrator can then submit the

/var/adm/ipsec/ipsec.csr

ﬁle to the Certiﬁcate Authority (CA) and request a signed certiﬁcate.

The

ipsec_config add csr

command is one of three

ipsec_config

commands for using

certiﬁcates with HP-UX IPSec; the other commands are

ipsec_config add cert

and

ipsec_config add crl

Options and Operands

The

ipsec_config add csr

command recognizes the following options and operands:

-subject

subject_name

Speciﬁes the value you want in the

subjectName ﬁeld for the certiﬁcate in X.500 Dis-

tinguished Name (DN) format. The DN consists of at least one of the following attributes:

CN=

commonName

country

organization

OU=

organizationalUnit

The attributes are all optional, but you must specify at least one. Use commas to delimit mul-

tiple attributes. The order of the attributes is ignored and the DN is not case sensitive. For

example: CN=host1,C=US,O=HP

If there are spaces in the DN, you must enclose the DN in double quotes (" "). For example:

"CN=host1,C=US,O=Some Corp,OU=Blue Team"

The variables are deﬁned as follows:

commonName

The commonName of the DN in printable string format. The maximum length is 64

characters.

country

The two-character ISO 3166-1 code for the country in the DN, for example

US for

United States of America.

organization

The organization of the DN, for example

Hewlett-Packard

. The maximum

length is 64 characters.

organizationalUnit

organizationalUnit for the DN, for example

Marketing

. The maximum length is

64 characters.

-alt-ipv4

ipv4_addr

Speciﬁes the IPv4 address you want in the subjectAlternativeName ﬁeld of the certiﬁcate.

-alt-ipv6 ipv6_addr

Speciﬁes the IPv6 address you want in the subjectAlternativeName ﬁeld of the certiﬁcate.

-alt-fqdn

fqdn

Speciﬁes the Fully Qualiﬁed Domain Name (FQDN) you want in the subjectAlternativeName

ﬁeld of the certiﬁcate, such as myhost.hp.com

. The FQDN is also referred to as the Domain

Name Service or DNS name.

-alt-user-fqdn user_fqdn

Speciﬁes the User-Fully Qualiﬁed Domain Name in SMTP format that you want in the the

subjectAlternativeName ﬁeld of the certiﬁcate, such as such as user@myhost.hp.com.

-days number_days

Speciﬁes the number of days for which the certiﬁcate will be valid. Verify that the number you

specify is within the range allowed by Certiﬁcate Authority (CA).

16 Hewlett-Packard Company − 9 − HP-UX IPSec A.02.01