Manualshelf

HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
11121314151617181920
[-alt-user-fqdn user_fqdn1 [-alt-user-fqdn user_fqdn2 ... -alt-user-fqdn
user_fqdn20]]
nl
[-key_length number_bits] [-days number_days]
Description of revised ipsec_config add csr command alternative-name options
The three alternative-name options are as follows:
Specifies the IPv4 address you want in the subjectAlternativeName field of the certificate. You
can specify up to 20 IPv4 addresses by repeating the -alt-ipv4 ipv4_addr argument accordingly.
For example, the following specifies three IPv4 addresses:
nl
-alt-ipv4 ipv4_addr
-alt-ipv4 192.6.2.2 -alt-ipv4 192.6.2.3
nl
-alt-ipv4 192.6.2.5
Specifies the FQDN (Fully Qualified Domain Name) you want in the subjectAlternativeName
field of the certificate, such as myhost.acme.com. The FQDN is also referred to as the Domain
-alt-fqdn fqdn
Name Service or DNS name. You can specify up to 20 FQDNs by repeating the -alt-fqdn
fqdn argument accordingly. For example, the following specifies two FQDNs:
nl
-alt-fqdn myhost1.acme.com -alt-fqdnmyhost2.acme.com
Specifies the User-FQDN you want in the subjectAlternativeName field of the certificate, such
as johnson@myhost.acme.com. You can specify up to 20 User-FQDNs by repeating the
-alt-user-fqdn user_fqdn1
-alt-user-fqdn user_fqdn argument accordingly. For example, the following specifies two
User-FQNDs:
nl
-alt-user-fqdn johnson@myhost.acme.com
nl
nichols@home.acme.com
Examples of the ipsec_config add csr command specifying multiple
alternative names
In the following example, the ipsec_config add csr command specifies two IPv4 addresses, two
FQDNs, and a single User-FQDN as alternative names in the specified certificate:
%ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-ipv4 192.6.2.2 -alt-ipv4 192.6.1.1 \
-alt-fqdn myhost.hp.com -alt-fqdn myhost2.hp.com \
-alt-user-fqdn roadrunner@acme.com
In the following example, the command specifies one IPv4 address, one FQDN, and two
User-FQDNs:
%ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-user-fqdn roadrunner@acme.com \
-alt-user-fqdn bunny@acme.com -alt-user-fqdn wolf@acme.com
Features in HP-UX IPSec A.03.00.00
The documentation reflects the following changes to the HP-UX IPSec product:
“IKE policy changes” (page 20)
“Support for IKE version 2” (page 21)
“IKEv1 and IKEv2 policies replace IKE policies” (page 21)
default IKEv1 and IKEv2 policies” (page 21)
“The ipsec_config add ike command is deprecated” (page 21)
“IKE DES encryption is obsolete” (page 21)
“IKEv1 Perfect forward secrecy with keys only” (page 22)
Examples of the ipsec_config add csr command specifying multiple alternative names 19