Using Microsoft Certificates with HP-UX IPSec A.02.01

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Table of Contents

About This Document.........................................................................................................5

Typographic Conventions......................................................................................................................5

Introduction............................................................................................................................................7

Testing Environment.........................................................................................................................7

HP-UX IPSec Certificate Requirements.............................................................................................8

Related Documentation..........................................................................................................................8

Multi-Tier Topologies.............................................................................................................................8

Configuring a Certificate for an HP-UX Client......................................................................................9

Step 1: Creating the Certificate Signing Request...............................................................................9

Windows IKE Peers......................................................................................................................9

HP-UX IKE Peers........................................................................................................................10

Additional Options....................................................................................................................10

Step 2: Submitting the CSR..............................................................................................................10

Using the Microsoft Certificate Services Utility to Submit a CSR.............................................10

Using the certreq Command to Submit the CSR.............................................................................13

Step 3: Approving the CSR..............................................................................................................13

Using the Certification Authority GUI to Approve the CSR.....................................................14

Using the certutil Command to Approve the CSR....................................................................14

Step 4: Exporting the Client Certificate...........................................................................................14

Using the Certification Authority GUI to Export the Client Certificate....................................15

Using the certreq Command to Export the Client Certificate....................................................16

Step 5: Exporting the CA's Certificate.............................................................................................17

Step 6: Adding the Client and CA Certificate to HP-UX IPSec ......................................................18

Step 7: (Optional) Verifying the Client Certificate..........................................................................18

Step 8: Downloading the Certificate Revocation List......................................................................18

Step 9: Adding the CRL to HP-UX IPSec ........................................................................................20

Step 10: Completing the HP-UX IPSec Configuration....................................................................20

Host Policies...............................................................................................................................20

IKE Policy...................................................................................................................................21

Authentication Records..............................................................................................................21

Configuring Authentication Records for Windows IKE Peers.............................................21

Additional Options...............................................................................................................21

Configuring a Certificate for a Windows Client...................................................................................22

Step 1: Creating and Submitting the CSR........................................................................................22

Step 2: Approving the CSR..............................................................................................................26

Step 3: Installing the Client Certificate............................................................................................26

Step 4: Installing the CA's Certificate..............................................................................................27

Step 5: (Optional) Verifying the Certificates....................................................................................29

Step 6: Downloading the CRL.........................................................................................................30

Step 7: Completing the IP Security Configuration..........................................................................30

Glossary............................................................................................................................33

Table of Contents 3