Using Microsoft Certificates with HP-UX IPSec A.02.01
HP-UX IPSec Certificate Requirements
To use security certificates with HP-UX IPSec A.02.01, your topology must meet the following
requirements:
• All security certificates must be administered using a PKI product from the same vendor.
When you configure HP-UX IPSec, you must configure only one PKI vendor for all security
certificate operations.
• The PKI must support the following certificate file formats and access methods:
— Certificate Signing Requests: The CA must support Certificate Signing Requests (CSRs)
in Public Key Cryptography Standards (PKCS) Certification Request Syntax #10 format
(commonly referred to as PKCS#10) and encoded using Privacy-Enhanced Mail (PEM)
base64 encoding. This CSR format is typically used for “copy and paste” certificate
requests.
— Certificates: The CA must provide X.509 Version 3 certificates encoded using base64
encoding (sometimes referred to as base64 PEM format).
— Certificate Revocation Lists: The CA must provide X.509 Version 1 or X.509 Version 2
Certificate Revocation Lists formatted using Distinguished Encoding Rules (DER).
A Windows 2003 Server with Certificate Services and web-enrollment support meets these
criteria.
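A pre-flight check for the three file formats listed above, as an added example that is not part of the HP document or of any HP or Microsoft tool. It inspects only the encoding (PEM armor versus raw DER) and the ASN.1 version field, not signatures, validity dates or trust. The function names, the accepted CSR labels and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
CSR_LABELS = ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST")  # assumed accepted labels

def tlv(buf):
    """Return (tag, content) of the DER TLV at the start of buf; ValueError if cut short."""
    tag, length, pos = int.from_bytes(buf[:1], "big"), int.from_bytes(buf[1:2], "big"), 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        pos += length & 0x7F
        length = int.from_bytes(buf[2:pos], "big")
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def first_field(blob):
    """Return (tag, content) of the first field in the to-be-signed SEQUENCE."""
    for _ in range(2):  # outer SEQUENCE, then the to-be-signed SEQUENCE
        tag, blob = tlv(blob)
        if tag != 0x30:
            raise ValueError("not a DER SEQUENCE")
    return tlv(blob)

def pem_body(data, labels):
    m = PEM_RE.search(data)
    if not m or m.group(1).decode() not in labels:
        raise ValueError("expected PEM block: " + " / ".join(labels))
    return base64.b64decode(b"".join(m.group(2).split()))

def check(kind, data):
    """Describe data if it matches the format required for kind, else raise ValueError."""
    if kind == "csr":   # PKCS#10 request in PEM; first field is the version INTEGER
        if first_field(pem_body(data, CSR_LABELS))[0] != 0x02:
            raise ValueError("no PKCS#10 version INTEGER")
        return "PKCS#10 CSR (PEM)"
    if kind == "cert":  # X.509 v3 in PEM; a missing [0] version field means v1
        tag, val = first_field(pem_body(data, ("CERTIFICATE",)))
        version = int.from_bytes(tlv(val)[1], "big") + 1 if tag == 0xA0 else 1
        if version != 3:
            raise ValueError(f"X.509 v{version} certificate, v3 required")
        return "X.509 v3 certificate (PEM)"
    if kind != "crl" or PEM_RE.search(data):  # CRL: X.509 v1 or v2, DER only
        raise ValueError("CRL must be DER, not PEM" if kind == "crl" else "unknown kind")
    tag, val = first_field(data)  # a missing version INTEGER means a v1 CRL
    return f"X.509 v{int.from_bytes(val, 'big') + 1 if tag == 0x02 else 1} CRL (DER)"

# Constructed samples: truncated DER skeletons (version fields only), not real PKI objects.
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nMAowCKADAgECAgEB\n-----END CERTIFICATE-----\n"
SAMPLE_CRL = bytes.fromhex("300730050201013000")
```

Read each file in binary mode and pass its bytes to `check` with the matching kind (`"csr"`, `"cert"` or `"crl"`).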
Related Documentation
For information about configuring a Microsoft Windows standalone root CA, see the Microsoft
document Installing and configuring a certification authority. This document is available at the
following website:
http://technet.microsoft.com/en-us/library/cc756120.aspx
For information about configuring a Microsoft Windows enterprise CA, see the Microsoft
document Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure.
This document is available at the following website:
http://technet.microsoft.com/en-us/library/cc772670.aspx
If you are using a Microsoft Windows enterprise CA, you can create a certificate template for issuing
IPsec certificates. For more information, see the Microsoft document How to create offline L2TP/IPSec
Certificates. This document is available at the following website:
http://support.microsoft.com/kb/555281
For general information about configuring HP-UX IPSec, see the HP-UX IPSec A.02.01
Administrator's Guide. This document is available from the HP Technical Documentation website
at http://docs.hp.com.
For information about configuring Microsoft Windows security policies to operate with HP-UX
IPSec, see Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec and Configuring
Microsoft Windows Vista and Windows Server 2008 to Operate with HP-UX IPSec. These documents
are available from the HP Technical Documentation website at http://docs.hp.com.
Multi-Tier Topologies
HP-UX IPSec version A.02.01 does not support multi-tier PKI topologies. To use a multi-tier PKI
topology, you must install HP-UX IPSec version A.03.00 or later. For more information, see Using
Microsoft Windows Certificates with HP-UX IPSec A.03.00. This document is available from the HP
Technical Documentation website at http://docs.hp.com.