Using Microsoft Certificates with HP-UX IPSec A.02.01

Figure 16 Download Page, CRL
4. When the utility opens the File Download dialog box, select Save to save the CRL to a file.
Select a folder in which to store the file. HP recommends that you use the default file name
(certcrl.crl). Click Save.
Click Close after the download completes.
5. Copy or move the CRL file to an appropriate location if necessary. On HP-UX systems, HP
recommends that you install the file in the /var/adm/ipsec directory.
Step 9: Adding the CRL to HP-UX IPSec
On the HP-UX system, use the ipsec_config add crl command to add the CRL to the
HP-UX IPSec storage scheme:
ipsec_config add crl -file crl_filename
For example:
ipsec_config add crl -file /var/adm/ipsec/certcrl.crl
See ipsec_config_add(1M) for more information.
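One way to check the downloaded CRL before running the command above, as an added example that is not part of the HP documentation. It assumes an openssl binary is available on the system and that the CRL was saved DER-encoded; the function names and the CRL_FORM variable are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to load a CRL that is unreadable or already expired.
# Assumptions: an openssl binary is on PATH; the CRL was saved DER-encoded
# (export CRL_FORM=PEM for a Base64 download). Function names are illustrative.
CRL_FORM=${CRL_FORM:-DER}

# Turn an OpenSSL date ("Mar  4 09:15:00 2031 GMT") into YYYYMMDDHHMMSS
# using only POSIX awk, so no GNU date extensions are needed.
openssl_date_to_stamp() {
    echo "$1" | awk '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        gsub(":", "", $3)
        printf "%04d%02d%02d%s\n", $4, m, $2, $3
    }'
}

# Return 0 only if the CRL parses and its nextUpdate (UTC) is in the future.
# Anything that does not parse as a date (for example a missing nextUpdate)
# yields a stamp that sorts before the current time and is rejected.
crl_is_current() {
    next=$(openssl crl -inform "$CRL_FORM" -in "$1" -noout -nextupdate) || return 2
    stamp=$(openssl_date_to_stamp "${next#nextUpdate=}")
    now=$(date -u +%Y%m%d%H%M%S)
    # Digit strings of equal length: compare as strings to avoid integer limits.
    awk -v a="$stamp" -v b="$now" 'BEGIN { exit !((a "") > (b "")) }'
}

# Load the CRL with the command from Step 9 only when the check passes.
add_crl_checked() {
    if crl_is_current "$1"; then
        ipsec_config add crl -file "$1"
    else
        echo "refusing $1: unreadable or past nextUpdate" >&2
        return 1
    fi
}

# Stand-alone use: pass the CRL path as the first argument.
if [ $# -gt 0 ]; then
    add_crl_checked "$1"
fi
```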
Step 10: Completing the HP-UX IPSec Configuration
To complete the HP-UX IPSec configuration, you must configure the following items:
host policies
IKE policies
authentication records
Host Policies
In this example, the local system (foo2) has the address 10.2.2.2 and the remote system (foo1)
has the address 10.1.1.1. All packets to and from the remote system are secured using the
authenticated Encapsulating Security Payload (ESP) protocol with Triple Data Encryption
Standard (3DES) and Secure Hash Algorithm 1 (SHA1). The administrator configures the following
host policy: