Using Microsoft Certificates with HP-UX IPSec A.02.01
Configuring a Certificate for a Windows Client
This section describes one method for configuring a certificate on a Windows client for IP Security
to be compatible with HP-UX IPSec. The primary utility we use is the web-based Microsoft
Certificate Services utility. For information on using alternative Windows utilities, see the
Windows documentation set.
This section describes how to configure a certificate for a Windows client using the following
steps:
1. On the Windows client, use the Microsoft Certificate Services utility to create and submit a
CSR. See “Step 1: Creating and Submitting the CSR” (page 22).
2. On the CA, approve the CSR. See “Step 2: Approving the CSR” (page 26).
3. On the Windows client, use the Microsoft Certificate Services utility to install the client
certificate. See “Step 3: Installing the Client Certificate” (page 26).
4. On the Windows client, install the CA's certificate. See “Step 4: Installing the CA's Certificate”
(page 27).
5. (Optional) On the Windows client, use the MMC Certificates snap-in to verify and view the
certificates. See “Step 5: (Optional) Verifying the Certificates” (page 29) .
6. On the Windows client, download the CRL. See “Step 6: Downloading the CRL” (page 30).
7. Complete the IP Security configuration on the Windows client by modifying the
Authentication Method for a rule to use certificate-based authentication for IKE. See “Step
7: Completing the IP Security Configuration” (page 30).
Step 1: Creating and Submitting the CSR
On the Windows client, use the following procedure to create and submit the CSR to the Window's
Certificate Authority (CA):
1. Start a web browser.
Connect to the Microsoft Certificate Services on the CA system using the following URL:
http://ca_system/certsrv
where ca_system is the CA system name or IP address.
2. The Microsoft Certificate Services utility starts and displays the Welcome page.
Select Request a certificate.
22