HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
◦ ipsec.csr
Output from the ipsec_config add csr command (the certificate signing request).
◦ /var/adm/ipsec/ipsec_status.sh
Script that monitors HP-UX IPSec (used with HP Serviceguard).
• /var/adm/ipsec/certstore
Contains the following certificate and CRL files:
◦ mycert.pem
Certificate for the local system.
◦ mykey.pem
Private key for the local system certificate.
◦ rootcert.pem
Softlink to the certificate file for the root CA.
◦ hash.0
CA certificate file, where hash is a hash value generated from the subject name.
◦ hash.r0
CRL file where hash is a hash value generated from the issuer's name.
• /var/adm/ipsec/crl_cron
Contains files information for retrieving CRLs from LDAP servers.
• /var/adm/ipsec/templates
Contains configuration batch file templates.
• /var/adm/ipsec/util
Contains the crl.cron script file that can be used in a cron job to retrieve CRLs from LDAP
servers. This directory also contains utilities used by the HP-UX IPSec commands and user
utilities.
IPsec RFCs
The HP-UX IPSec product conforms to the Internet Engineering Task Force (IETF) RFCs listed in
Table 16 (page 141):
Table 16 Supported IPsec RFCs
RFC TitleRFC Number
Security Architecture for the Internet ProtocolRFC 2401
IP Authentication HeaderRFC 2402
The Use of HMAC-MD5-96 within ESP and AHRFC 2403
The Use of HMAC-SHA-1-96 within ESP and AHRFC 2404
IP Encapsulating Security Payload (ESP)RFC 2406
The Internet IP Security Domain of Interpretation for ISAKMPRFC 2407
Internet Security Association and Key Management Protocol (ISAKMP)RFC 2408
The Internet Key Exchange (IKE)RFC 2409
The NULL Encryption Algorithm and Its Use with IPsecRFC 2410
IPsec RFCs 141