HP-UX IPSec Version A.03.00 Administrator's Guide
ipsec_config show cacert
The ipsec_config show cacert command also displays the valid date range for each CRL
(the lastUpdate and nextUpdate fields).
In the following example, the file 5b0152d9.0 contains the CA certificate and the file
5b0152d9.r0 contains the CRL. The subject and issuer name is
/C=US/O=HP/OU=LAB/CN=myPKI for both objects.
# ipsec_config show cacert
In directory /var/adm/ipsec/certstore :
CA cert :
5b0152d9.0 - subject : /C=US/O=HP/OU=LAB/CN=myPKI
CRL :
5b0152d9.r0 - issuer : issuer=/C=US/O=HP/OU=LAB/CN=myPKI
lastUpdate=Mar 4 19:33:08 2009 GMT
nextUpdate=Apr 4 07:53:08 2009 GMT
You can use OpenSSL utilities to display more information about the certificate and CRL files.
For example, you can use the following command to display the information about the root CA
certificate:
openssl x509 -in rootcert.pem -text
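The following shell function is an added example, not part of the HP guide: it reads ipsec_config show cacert output in the format shown above and reports whether each CRL is inside its lastUpdate to nextUpdate window. The function name crl_window_check, its status labels, and the reference-time argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HP-UX IPSec guide): read "ipsec_config show cacert"
# output on stdin and report whether each CRL is inside its validity window.
# crl_window_check and the CURRENT/EXPIRED/NOT-YET-VALID labels are hypothetical names.
crl_window_check() {
    # $1: reference time in UTC as YYYYMMDDhhmmss (defaults to the current time)
    awk -v now="${1:-$(date -u +%Y%m%d%H%M%S)}" '
    # Convert "Mar 4 19:33:08 2009 GMT" to a sortable YYYYMMDDhhmmss string.
    function stamp(s,    f, t, m) {
        split(s, f, " "); split(f[3], t, ":")
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", f[1]) + 2) / 3
        return sprintf("%04d%02d%02d%02d%02d%02d", f[4], m, f[2], t[1], t[2], t[3])
    }
    # Print one verdict line for the CRL entry collected so far.
    function report(    state) {
        if (file == "") return
        if (last == "" || nxt == "") state = "INCOMPLETE"
        else if (now > nxt)          state = "EXPIRED"
        else if (now < last)         state = "NOT-YET-VALID"
        else                         state = "CURRENT"
        if (state != "CURRENT") bad = 1
        printf "%s %s lastUpdate=%s nextUpdate=%s\n", file, state, last, nxt
        file = last = nxt = ""
    }
    # A CRL entry starts with "<hash>.rN - issuer : ..."
    $1 ~ /\.r[0-9]+$/ && $2 == "-" { report(); file = $1 }
    file != "" && match($0, /lastUpdate=/) { last = stamp(substr($0, RSTART + RLENGTH)) }
    file != "" && match($0, /nextUpdate=/) { nxt = stamp(substr($0, RSTART + RLENGTH)) }
    END { report(); exit bad + 0 }
    '
}
# Sample input: the example output shown on this page.
SAMPLE='In directory /var/adm/ipsec/certstore :
CA cert :
5b0152d9.0 - subject : /C=US/O=HP/OU=LAB/CN=myPKI
CRL :
5b0152d9.r0 - issuer : issuer=/C=US/O=HP/OU=LAB/CN=myPKI
lastUpdate=Mar 4 19:33:08 2009 GMT
nextUpdate=Apr 4 07:53:08 2009 GMT'
# Demo with a constructed reference time of 2009-03-20 12:00:00 UTC.
printf '%s\n' "$SAMPLE" | crl_window_check 20090320120000
```

On a live system the input would be piped in as ipsec_config show cacert | crl_window_check; the function exits non-zero when any CRL is not CURRENT, so it can gate a scheduled check.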
Deleting the Local System Certificate
To delete the local system certificate, use the following command:
ipsec_config delete mycert
This command also deletes the /var/adm/ipsec/certstore/mykey.pem private key file
and updates the /var/adm/ipsec/cainfo.txt file to indicate that HP-UX IPSec certificates
are not configured on the system.
Deleting the CA Certificate and CRL Files
To delete a CA certificate or CRL file, delete the appropriate file from the
/var/adm/ipsec/certstore directory. To determine the subject name of a CA certificate
file or the issuer name of a CRL file, use the ipsec_config show cacert command.