HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

101

102

103

104

105

106

107

108

109

110

ipsec_config add crl -file Syntax

The add crl functionality is not supported in ipsec_config batch files. Use the following

ipsec_config add crl syntax to add a CRL from a local file to the HP-UX IPSec storage scheme

ipsec_config add crl -file crl_filename

-file crl_filename

Name of the local file containing the CRL.

Default: None.

Example

The following command adds /tmp/crl.der , the CRL file in DER format received from the CA,

to the /var/adm/ipsec/certstore directory.

ipsec_config add crl -file /tmp/crl.der

ipsec_config add crl -ldap Syntax

Use the following ipsec_config add crl syntax to add a CRL from an LDAP directory to the

HP-UX IPSec storage scheme:

ipsec_config add crl -ldap server [-port port_number]

-base search_base [-filter search_filter][-user user [-password password]]

-ldap server

The hostname or address of the LDAP server where the CRL is stored.

Default: None.

-port port_number

TCP port number for the LDAP server.

Range: 1 - 65535.

Default: 389, the IANA registered TCP port number for LDAP.

-base search_base

Search base for the CRL, in X.500 Distinguished Name (DN) format, such as C=US,O=HP,OU=Lab.

The search base with the search filter appended to it form a search path to the location of the

certificateRevocationList attribute in the LDAP directory.

The search base and search filter must not overlap. For example, the value O=HP can be part of

the search base or the search filter, but not both.

If there are spaces in the DN, you must enclose the DN in double quotes (““ ). For example,

“C=US,O=My Company,OU=Blue Lab”.

Default: None.

-filter search_filter

An RFC 2254-compliant LDAP search filter. If it includes spaces or shell special characters, enclose

the value in double quotes. For example, -filter "objectClass=*".

Default: "objectClass=*" (match all values for objectClass).

-user user -password password

User and password needed to access the LDAP directory. If the user name includes spaces, enclose

the name in double quotes.

Default: None.

110 Using Certificates with HP-UX IPSec