HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

111

112

113

114

115

116

117

118

119

120

Not Before: Feb 13 05:34:10 2009 GMT

Not After : Feb 13 05:34:10 2010 GMT

Subject: C=US, O=HP, OU=LAB, CN=foo1

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public Key: (1024 bit)

Modulus (1024 bit):

00:cc:98:d6:7d:83:13:91:d9:23:ca:14:3f:65:61:

4b:70:b7:13:45:d1:af:5c:71:83:44:9d:8a:4e:4a:

45:5a:da:10:57:3c:a3:25:3e:64:c0:8f:e7:4d:34:

c0:2b:00:64:39:d5:78:b9:6d:28:19:2b:ac:f9:14:

0f:ef:04:f9:46:76:8e:ce:03:98:3d:72:4d:c1:a9:

a5:47:f0:47:c1:4e:a4:ec:04:24:a4:d1:1e:3d:3d:

47:d5:6e:66:8a:a1:59:6d:fe:31:1d:9a:f0:53:e1:

48:87:92:2e:76:31:79:8e:82:c2:78:97:0b:9b:ae:

b3:22:b3:d9:d3:28:72:c4:69

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

53:E6:7D:C7:C7:4B:D1:17:A5:63:06:38:99:C1:DC:AA:DF:EE:52:DE

X509v3 Authority Key Identifier:

keyid:CB:CE:9E:E3:6D:B5:47:E5:32:8E:04:1A:70:8C:C6:69:7D:D0:25:6E

DirName:/C=US/O=HP/OU=LAB/CN=foobar/emailAd

dress=root@foo.hp.com

serial:02

X509v3 Subject Alternative Name:

IP Address:10.1.1.1

X509v3 Key Usage:

Digital Signature, Non Repudiation, Key Encipherment

Signature Algorithm: md5WithRSAEncryption

c4:be:de:d2:1b:b2:0c:33:0b:1f:56:09:eb:4c:cf:d1:33:51:

87:91:46:d8:2a:40:9f:d4:de:42:3f:da:4b:71:4c:28:e7:5d:

8f:12:1f:5d:67:fd:e5:e2:51:be:46:54:24:cb:e3:45:7d:c1:

1b:e5:35:b3:01:15:ee:7e:2b:a0:df:6e:ba:e5:c6:a6:14:96:

75:a4:61:5d:0c:02:e7:08:b6:1c:ff:c5:ea:84:be:ae:b1:08:

17:63:b6:5f:e2:79:57:fa:f2:fa:15:88:12:d3:a7:3d:18:39:

71:80:8a:ff:d3:e2:72:51:ea:b6:d1:02:12:a3:c0:b3:9d:22:

41:ea:4c:9d:7d:94:85:07:f5:9d:19:25:d3:b1:17:c5:9d:12:

e1:5f:21:ab:b7:5d:ba:07:f6:bf:d7:a3:52:fd:18:c2:7f:22:

e4:8b:11:e6:63:79:72:63:f7:3f:f4:03:70:03:33:f7:96:48:

b9:d8:4e:5a:b1:d1:35:1a:78:00:35:12:cb:9f:45:22:e9:98:

d2:6b:ff:50:5b:06:ad:f0:aa:8f:c9:9b:a5:5f:c5:99:37:9f:

23:87:2b:b2:32:a9:11:17:fb:e5:78:2d:e9:3a:24:29:21:48:

f3:38:2e:6c:8b:b0:f2:a4:c9:84:37:aa:bd:05:3b:89:77:92:

f8:3c:44:a1

-----BEGIN CERTIFICATE-----

MIIDzTCCArWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJVUzEL

MAkGA1UECBMCQ0ExCzAJBgNVBAoTAkhQMQ0wCwYDVQQLEwRTSVNMMRQwEgYDVQQD

: :

sPKkyYQ3qr0FO4l3kvg8RKE=

-----END CERTIFICATE-----

Viewing the CA Certificate and CRL Files

To determine the subject names for CA certificate files and the issuer names for CRL files, use the

following command:

ipsec_config show cacert

The ipsec_config show cacert command also displays the valid date range for each CRL

(the lastUpdate and nextUpdate fields).

In the following example, the file 5b0152d9.0 contains the CA certificate and the file

5b0152d9.r0 contains the CRL. The subject and issuer name is /C=US/O=HP/OU=LAB/CN=myPKI

for both objects.

Managing Certificate Data 113