Using Microsoft Certificates with HP-UX IPSec A.02.01

Figure 26 Verifying the Local Certificate in the Certificate Store
3. To view the CA's certificate, expand the Trusted Root Certification Authorities subfolder
under the Certificates (Local Computer) folder by clicking the plus sign (+).
The certificate manager will display icons for trusted root CA certificates in the right pane.
Scroll down to the appropriate CA certificate and select Open to view more information
about the certificate.
Step 6: Downloading the CRL
Use the procedure described in “Step 8: Downloading the Certificate Revocation List” (page 18).
Step 7: Completing the IP Security Configuration
To complete the IP Security configuration, you must specify the CA's certificate in the
authentication methods for an IP Security rule. The IP Security module uses the specified CA
certificate to determine the local certificate to use (and send in an IKE exchange). The IP Security
module searches the path Local Computer\Personal\Certificates in the certificate store for
the first certificate signed by the specified CA (or that has a chain of trust to the CA). The IP
Security module uses this certificate as its local certificate. The IP Security module also uses the
CA's certificate to verify the certificate from the remote system.
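
To check in advance which certificates the selection rule described above could match, the following PowerShell script lists every certificate in the Local Computer Personal store whose chain includes a given CA. It is an added example, not part of the HP or Microsoft documentation. It assumes PowerShell is available on the Windows system, uses the placeholder subject `CN=Example Root CA`, and its listing order is not guaranteed to match the order in which the IP Security module searches the store.

```powershell
# Added example: find certificates in Local Computer\Personal that chain to a CA.
# 'CN=Example Root CA' is a placeholder; replace it with your CA's subject name.
$CaSubject = 'CN=Example Root CA'

# Locate the CA certificate in Trusted Root Certification Authorities.
$ca = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $CaSubject } |
    Select-Object -First 1
if (-not $ca) { throw "CA '$CaSubject' not found in Cert:\LocalMachine\Root" }

$now = Get-Date
$candidates = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is handled through the downloaded CRL; skip lookups here.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)

    # The certificate qualifies if the CA appears anywhere in its chain,
    # whether it signed the certificate directly or through intermediates.
    $chainsToCa = $chain.ChainElements |
        Where-Object { $_.Certificate.Thumbprint -eq $ca.Thumbprint }

    if ($chainsToCa) {
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey   # required to authenticate in IKE
            InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            ChainBuilt    = $built
        }
    }
    $chain.Reset()
}

$candidates | Format-Table -AutoSize

# The page states that the first matching certificate is used, so more than
# one match makes the choice of local certificate ambiguous.
if (@($candidates).Count -gt 1) {
    Write-Warning 'More than one certificate chains to this CA; remove or move the extras so the intended one is selected.'
}
```

A candidate with `HasPrivateKey` or `InValidity` set to False cannot serve as a working local certificate even though it matches the CA.
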
Use the following procedure to create or modify a rule to use certificate-based IKE authentication:
1. Start the IP Security Policies snap-in if necessary.
2. Create an IP Security policy or modify an existing policy. To modify an existing policy, select
the policy in the right navigation pane and right-click the policy. Select Properties.
3. The IP Security configuration utility opens the Policy Properties dialog box. Select the Rules
tab. Click Add to create a new rule or select a rule you want to modify and click Edit.
4. The IP Security configuration utility opens the Rule Properties dialog box. Select the
Authentication Methods tab.
5. Select the first existing authentication method and click Edit.
6. The IP Security configuration utility opens the Authentication Method Properties dialog
box.
Select Use a certificate from this certification authority (CA).