HP-UX IPSec Version A.03.00 Administrator's Guide
Step 5: Retrieving the CRL Using cron
If the CA periodically publishes the CRL to an LDAP directory, you can use the following
procedure to automatically retrieve it using the cron utility.
1. Enter the ipsec_config add crl -ldap command if you have not already done so.
In addition to retrieving the CRL, this command creates a file in the
/var/adm/ipsec/crl_cron directory that contains information about the LDAP server.
The files in this directory are used by the /var/adm/ipsec/util/crl.cron script file
to retrieve the CRLs.
2. Add the following entries to the root user’s crontab file.
# Retrieve the CRL from the Certificate Authority
# (for HP-UX IPSec)
mn hr mn_day mon wkday /var/adm/ipsec/util/crl.cron
The fields mn, hr, mn_day, mon and wkday (shown in italics) are placeholders. Replace
them with appropriate values when you enter the lines into the crontab file.
For example, to retrieve the CRL every hour on the hour, add the following entries to the
crontab file:
# Retrieve the CRL from the Certificate Authority
# (for HP-UX IPSec)
0 * * * * /var/adm/ipsec/util/crl.cron
3. Execute the crontab command to submit the root crontab file:
crontab /var/spool/cron/crontabs/root
For more information about cron jobs and the crontab file format, refer to the cron(1M) and
crontab(1) manpages.
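The following added example (not part of the HP guide) audits a crontab file for the entry from step 2 and flags the case where the placeholder fields were entered literally or a schedule field is out of range. The function name check_crl_cron and the sample lines are assumptions constructed for illustration; to check a live system, save the output of crontab -l to a file and pass that file to the function.

```shell
#!/bin/sh
# Added example, not part of the HP guide: audit a crontab file for the
# crl.cron entry from step 2. check_crl_cron is a hypothetical helper name.
CRL_CRON=/var/adm/ipsec/util/crl.cron    # script path given in the guide

# check_crl_cron FILE -> exit status:
#   0 active, well-formed entry   1 no active entry
#   2 entry present but schedule fields invalid (placeholders left in, etc.)
#   3 FILE not readable
check_crl_cron() {
    [ -r "$1" ] || return 3
    awk -v cmd="$CRL_CRON" '
        # A field is a comma list of "*", N or N-M within [lo, hi].
        function valid(f, lo, hi,    n, p, i, r, a, b) {
            n = split(f, p, ",")
            for (i = 1; i <= n; i++) {
                if (p[i] == "*") continue
                if (p[i] !~ /^[0-9]+(-[0-9]+)?$/) return 0
                split(p[i], r, "-")
                a = r[1] + 0; b = (r[2] == "" ? a : r[2] + 0)
                if (a < lo || b > hi || a > b) return 0
            }
            return n > 0
        }
        # Bounds for minute, hour, day of month, month, weekday (0-6).
        BEGIN { split("0 0 1 1 0", LO, " "); split("59 23 31 12 6", HI, " ") }
        /^[ \t]*#/ || NF == 0 { next }       # comments and blank lines
        {
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == cmd) hit = 1
            if (!hit) next
            found = 1
            ok = (NF >= 6 && $6 == cmd)      # command must follow 5 fields
            for (i = 1; i <= 5 && ok; i++) ok = valid($i, LO[i] + 0, HI[i] + 0)
            if (ok) good = 1
        }
        END { exit (good ? 0 : (found ? 2 : 1)) }
    ' "$1"
}

# Constructed sample: the placeholder line entered literally, then the
# hourly entry from the guide appended.
sample=${TMPDIR:-/tmp}/crl_cron_sample.$$
printf '%s\n' '# Retrieve the CRL' "mn hr mn_day mon wkday $CRL_CRON" > "$sample"
check_crl_cron "$sample" && echo "entry ok" || echo "problem, status $?"
printf '%s\n' "0 * * * * $CRL_CRON" >> "$sample"
check_crl_cron "$sample" && echo "entry ok" || echo "problem, status $?"
rm -f "$sample"
```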
128 Using Certificates with HP-UX IPSec