HP-UX IPSec Version A.03.00 Administrator's Guide
Step 2: Adding the Local Certificate
After the CA creates signed certificates for the local system, use the ipsec_config add mycert
command to add the certificates to the HP-UX IPSec storage scheme.
There are two syntax formats for the ipsec_config add mycert command:
• ipsec_config add mycert -file
The ipsec_config add mycert -file syntax extracts the system certificate from a
file. The file can be in PEM, DER, or PKCS#12 format. You must use this method if you did
not generate a CSR using HP-UX IPSec; in that case, the file must be in PKCS#12 format and
include both the certificate and its private key. See “ipsec_config add mycert -file
Syntax” (page 122).
If the certificate file is password protected, the ipsec_config utility prompts you for a
password.
• ipsec_config add mycert -ldap
The ipsec_config add mycert -ldap syntax retrieves the system certificate from an
LDAP database. See “ipsec_config add mycert -ldap Syntax” (page 122).
The ipsec_config add mycert command stores the certificate for the local system in the
file /var/adm/ipsec/certstore/mycert.pem. If the input file is in PKCS#12 format, the
command also stores the private key in the file /var/adm/ipsec/certstore/mykey.pem.
The ipsec_config add mycert functionality is not supported in ipsec_config batch files.
ipsec_config add mycert -file Syntax
Use the following ipsec_config add mycert syntax to extract the certificate for the local
system from a file and add the certificate to the HP-UX IPSec storage scheme:
ipsec_config add mycert -file mycert_filename
-file mycert_filename
Specifies the name of the DER, PEM, or PKCS#12 file containing the certificate for the local system.
If this is a PKCS#12 file, ipsec_config prompts you for the password and extracts the private
key.
Default: None.
Example
The following command extracts the certificate for the local system from the /tmp/hostA.pem
file received from the CA and stores it in the file /var/adm/ipsec/certstore/mycert.pem:
ipsec_config add mycert -file /tmp/hostA.pem
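When the CSR was not generated with HP-UX IPSec, the PKCS#12 file must carry both the certificate and its private key. The following pre-flight check is an added example, not part of the original guide or of HP-UX IPSec; it assumes the OpenSSL command-line tool is installed, and the function name check_p12 and the environment variable P12_PASS are names chosen for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a PKCS#12 bundle before running
#   ipsec_config add mycert -file <bundle>
# Assumes the OpenSSL command-line tool is installed (not part of HP-UX IPSec).
# The bundle password is read from the environment variable P12_PASS (a name
# chosen for this example) so it never appears in the process argument list.
#
# Return codes: 0 = certificate and matching private key present
#               1 = not a readable PKCS#12 file, or wrong password
#               2 = no certificate/private key pair in the bundle
#               3 = private key does not belong to the certificate
check_p12() {
    p12=$1

    # Parse the bundle and verify its integrity MAC without printing anything.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout >/dev/null 2>&1 || return 1

    # Public key of the end-entity certificate (the one tied to a key by localKeyID).
    cert_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
               openssl x509 -noout -pubkey 2>/dev/null)

    # Public key derived from the private key; the key is piped, never written to disk.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null)

    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 3
    return 0
}

# Run the check when a file name is given on the command line.
[ "$#" -eq 0 ] || check_p12 "$1"
```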
ipsec_config add mycert -ldap Syntax
Use the following ipsec_config add mycert syntax to import the certificate for the local
system from an LDAP directory and add the certificate to the HP-UX IPSec storage scheme:
ipsec_config add mycert -ldap server [-port port_number]
-base search_base [-filter search_filter] [-user user [-password password]]
-ldap server
The hostname or address of the LDAP server where the certificate for the local system is stored.
Default: None.
-port port_number
TCP port number for the LDAP server.
122 Using Certificates with HP-UX IPSec