HP-UX IPSec Version A.03.00 Administrator's Guide

commonName: The commonName of the DN in printable string format. This field cannot contain
commas and must be 64 bytes or less.
country: The two-character ISO 3166-1 code for the country listed in the DN, for example US
for United States of America. This field cannot contain commas.
organization: The organization of the DN, for example Hewlett-Packard. This field cannot
contain commas and must be 64 bytes or less.
organizationalUnit: The organizationalUnit for the DN, for example Marketing. This
field cannot contain commas and must be 64 bytes or less.
Default: None.
-alt-ipv4 ipv4_addr
The IPv4 address you want in the subjectAlternativeName field for the certificate, entered in
dotted-decimal notation.
TIP: HP recommends that you specify the -alt-ipv4 argument (or -alt-ipv6, if the system
uses IPv6 addresses) for most topologies. HP-UX IPSec uses IP addresses for IKE IDs by default,
so if you specify -alt-ipv4 (or -alt-ipv6) and the system is not multihomed, you will not
have to configure an authentication record for this system on the local system, and you will not
have to configure an authentication record for this system on remote systems.
Default: None.
-alt-ipv6 ipv6_addr
The IPv6 address you want in the subjectAlternativeName field for the certificate, entered in
colon-hexadecimal notation.
Default: None.
-alt-fqdn fqdn
The Fully Qualified Domain Name (FQDN) you want in the subjectAlternativeName field for
the certificate. The FQDN is also known as the Domain Name Server or DNS name, such as
myhost.hp.com.
Default: None.
-alt-user-fqdn user_fqdn
The User Fully Qualified Domain Name (User FQDN) you want in the subjectAlternativeName
field for the certificate. Specify the User FQDN in SMTP format, such as user@myhost.hp.com.
-key_length number_bits
The key length for the public/private keys, in bits. Verify that the value you specify is allowed
by your CA.
Valid Values: 512, 1024, 2048, or 4096 (bits).
Default: 1024.
-days number_days
Number of days for which the certificate will be valid. Verify that the value you specify is within
the range allowed by your CA.
Range: 1 - 65535.
Default: 365.
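
The following pre-flight check is an added example, not code from the HP guide or from HP-UX IPSec. It applies the limits listed above to a planned set of argument values before they are typed into the certificate request command. The function name check_request, the sample values, and the 2048-bit warning threshold are assumptions made for this example.

```python
import ipaddress

# Limits taken from the argument descriptions above.
DN_MAX_BYTES = {"commonName": 64, "organization": 64, "organizationalUnit": 64}
KEY_LENGTHS = {512, 1024, 2048, 4096}
# Assumption (not from the guide): warn on RSA keys shorter than 2048 bits.
MIN_RECOMMENDED_BITS = 2048


def check_request(dn, alt_ipv4=None, alt_ipv6=None, key_length=1024, days=365):
    """Return (errors, warnings) for a planned certificate request."""
    errors, warnings = [], []
    for field, value in dn.items():
        if "," in value:
            errors.append(f"{field}: contains a comma")
        limit = DN_MAX_BYTES.get(field)
        if limit and len(value.encode("utf-8")) > limit:
            errors.append(f"{field}: longer than {limit} bytes")
    country = dn.get("country")
    if country is not None and not (len(country) == 2 and country.isalpha() and country.isascii()):
        errors.append("country: not a two-character code")
    for flag, value, cls in (("-alt-ipv4", alt_ipv4, ipaddress.IPv4Address),
                             ("-alt-ipv6", alt_ipv6, ipaddress.IPv6Address)):
        if value is not None:
            try:
                cls(value)  # rejects out-of-range octets and malformed groups
            except ValueError:
                errors.append(f"{flag}: not a valid address")
    if alt_ipv4 is None and alt_ipv6 is None:
        warnings.append("no -alt-ipv4/-alt-ipv6: authentication records may be needed (see TIP)")
    if key_length not in KEY_LENGTHS:
        errors.append(f"-key_length: {key_length} is not 512, 1024, 2048 or 4096")
    elif key_length < MIN_RECOMMENDED_BITS:
        warnings.append(f"-key_length: {key_length}-bit key is below {MIN_RECOMMENDED_BITS}")
    if not 1 <= days <= 65535:
        errors.append(f"-days: {days} is outside 1 - 65535")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not from the guide.
    sample = {"commonName": "myhost", "country": "US",
              "organization": "Example, Inc.", "organizationalUnit": "Marketing"}
    errs, warns = check_request(sample, alt_ipv4="192.0.2.300")
    print("errors:", errs)
    print("warnings:", warns)
```

Because the default -key_length is 1024, a request that omits the argument produces the key-length warning.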
Step 1: (Optional) Getting a Certificate for the Local System