HP-UX IPSec Version A.03.00 Administrator's Guide
Default: 389, the IANA registered TCP port number for LDAP.
-base search_base
Search base for the CRL, in X.500 Distinguished Name (DN) format, such as C=US,O=HP,OU=Lab.
The search base, with the search filter appended to it, forms a search path to the location of the
certificateRevocationList attribute in the LDAP directory.
The search base and search filter must not overlap. For example, the value O=HP can be part of
the search base or the search filter, but not both.
If there are spaces in the DN, you must enclose the DN in double quotes (""). For example,
"C=US,O=My Company,OU=Blue Lab".
Default: None.
-filter search_filter
An RFC 2254-compliant LDAP search filter. If it includes spaces or shell special characters, enclose
the value in double quotes. For example, -filter "objectClass=*".
Default: "objectClass=*" (match all values for objectClass).
-user user -password password
User and password needed to access the LDAP directory. If the user name includes spaces,
enclose the name in double quotes.
Default: None.
Examples
The following example retrieves a CRL certificate from a directory server with a simple tree
structure. The CRL is stored as an attribute of the certificationAuthority object.
ipsec_config add cacert -ldap myDirsrv \
-base "C=FR,O=Grande Bleu" -filter "CN=My CA"
The following example retrieves three CRLs for a multiple-level CA structure. The directory
server has a complex tree structure that also requires password authorization.
ipsec_config add crl -ldap myADS.hp.com \
-base "cn=WestCA,cn=Public Key Services,CN=Services,CN=Configuration,DC=IPsec,DC=hp,DC=com" \
-filter "objectClass=cRLDistributionPoint" \
-user "adminCW@hp.com" \
-password myPass
ipsec_config add crl -ldap myADS.hp.com \
-base "cn=EastCA,cn=Public Key Services,CN=Services,CN=Configuration,DC=IPsec,DC=hp,DC=com" \
-filter "objectClass=cRLDistributionPoint" \
-user "adminCW@hp.com" \
-password myPass
ipsec_config add crl -ldap myADS.hp.com \
-base "cn=RootCA,cn=Public Key Services,CN=Services,CN=Configuration,DC=IPsec,DC=hp,DC=com" \
-filter "objectClass=cRLDistributionPoint" \
-user "adminCW@hp.com" \
-password myPass
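The rule stated under -base, that the search base and search filter must not overlap, can be checked before a value pair is passed to ipsec_config. The following shell functions are an added example, not part of the HP guide; the function names are hypothetical, only exact attribute=value pairs are compared (case-insensitively), and DN values are assumed to contain no escaped commas.

```shell
#!/bin/sh
# Added example (not from the HP guide): pre-flight check that a -base value
# and a -filter value do not share an attribute=value pair.
# Assumption: DN values contain no escaped commas (\,).

# Lowercase each line and trim spaces at the ends and around '=' so that
# "O = HP" and "o=hp" compare equal.
normalize() {
    tr '[:upper:]' '[:lower:]' | sed -e 's/^ *//' -e 's/ *$//' -e 's/ *= */=/'
}

# Print one normalized attr=value line per RDN of the search base.
base_pairs() {
    printf '%s\n' "$1" | tr ',' '\n' | normalize
}

# Print one normalized attr=value line per assertion in the filter.
# Parentheses and the &, |, ! operators are treated only as separators.
filter_pairs() {
    printf '%s\n' "$1" | tr '()&|!' '\n\n\n\n\n' | grep '=' | normalize
}

# crl_search_overlap BASE FILTER
# Returns 0 when no pair appears in both values; otherwise reports each
# shared pair on stderr and returns 1.
crl_search_overlap() {
    base_list=$(base_pairs "$1")
    hits=$(filter_pairs "$2" | while IFS= read -r pair; do
        # -F: fixed string (so '*' is literal), -x: whole-line match
        printf '%s\n' "$base_list" | grep -Fx -- "$pair" || true
    done)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | sed 's/^/in both -base and -filter: /' >&2
    return 1
}

# Values from the first example in this section: no shared pair.
crl_search_overlap "C=FR,O=Grande Bleu" "CN=My CA" && echo "no overlap"
```

A substring filter such as CN=West* is not expanded, so it is only flagged when the same literal text appears in the search base.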