Using Microsoft Certificates with HP-UX IPSec A.03.00

7. Click Install this certificate.
8. If the web browser displays a Potential Scripting Violation window, click Yes.
Exporting the certificate and keys
Use the following procedure to create a PKCS#12 file with the host certificate and certificate keys.
1. On the CA system, start the custom MMC created in Configuring certificate services for IPsec on
the issuing CAs.
2. Open the local certificate storage area by expanding Certificates (Local Computer).
Expand Personal.
Expand Certificates.
Look for the certificate you want to export. If you do not see the certificate in the storage area,
you must use a Certification Authority MMC to export the certificate to a file, then import the file to
the local certificate storage area.
3. Right-click the certificate you want to export. Select All Tasks -> Export.
The MMC starts a Certificate Export Wizard.
4. In the Welcome dialog box, click Next.
5. In the Export file format dialog box, select Personal Information Exchange - PKCS #12 (.PFX) and
Enable strong protection if they are not already selected.
Click Next.
6. In the Password dialog box, enter the password for the PKCS#12 file. Make a note of the
password; you will need it for the ipsec_config add mycert command.
Click Next.
7. In the File to Export dialog box, specify a name for the PKCS#12 file. The wizard automatically
appends .pfx to the file name.
Click Next.
Click Finish.
8. Copy the PKCS#12 file to the IPsec host. This file is encrypted and can be transferred over a
non-secure network link.
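Before the file is loaded with the ipsec_config add mycert command, the copy on the IPsec host can be checked: that the password from step 6 opens it, that it holds the private key and a certificate, and that its digest matches one computed on the CA system. The script below is an added example, not part of the HP procedure; it assumes the OpenSSL command-line tool is installed on the host, and the function names, the PFX_PASS variable and the sample host name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the HP document). The PKCS#12 password is taken from
# the PFX_PASS environment variable so it does not appear in the process list.

# check_pfx FILE
# Returns 0 only if the password opens FILE and it holds exactly one private
# key and at least one certificate; prints what was found.
check_pfx() {
    pfx=$1
    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 2; }

    # A wrong password or a file damaged in transit fails the MAC check.
    openssl pkcs12 -in "$pfx" -noout -passin env:PFX_PASS 2>/dev/null ||
        { echo "MAC check failed: wrong password or corrupt file" >&2; return 3; }

    # Count PEM headers through a pipe; the decrypted key never touches disk.
    keys=$(openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS \
        2>/dev/null | grep -c 'BEGIN.*PRIVATE KEY' || true)
    certs=$(openssl pkcs12 -in "$pfx" -nokeys -passin env:PFX_PASS \
        2>/dev/null | grep -c 'BEGIN CERTIFICATE' || true)
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 4; }
    [ "$certs" -ge 1 ] || { echo "no certificate in $pfx" >&2; return 5; }
    echo "private keys: $keys, certificates: $certs"

    # Subject, issuer and expiry of the first certificate in the file.
    openssl pkcs12 -in "$pfx" -nokeys -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate

    # Digest to compare with one computed on the CA system before the copy.
    openssl dgst -sha256 "$pfx"
}

# make_sample_pfx DIR
# Builds a constructed, throwaway self-signed certificate and DIR/sample.pfx
# so the check can be tried without a real export.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ipsec-host.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.pfx" -passout env:PFX_PASS
}
```

OpenSSL 3.x may need the -legacy option on the pkcs12 commands to read files protected with older algorithms such as RC2-40.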
Configuring HP-UX IPSec
To configure HP-UX IPSec to use the certificate issued by the Microsoft CA, you must:
Load the host certificate to the HP-UX IPSec storage scheme
Load the CA certificates and CRLs to the HP-UX IPSec storage scheme
Configure host policies
Configure authentication records
Configure IKE policies, if needed
Verify the configuration
(Optional) Configure a cron job to periodically retrieve the CRL