Using Microsoft Certificates with HP-UX IPSec A.03.00
13
certutil -GetCRL IPSecRootCA.crl
2. Transfer the CRL file to the HP-UX system. This file can be transferred over a non-secure network link, because the CRL is signed by the CA and its integrity does not depend on the transport.
3. Enter the ipsec_config add crl -file command to load the CRL. For example:
ipsec_config add crl -file IPSecRootCA.crl
Loading CA certificates from the Active Directory Server
To load the CA certificates from the Active Directory server, use the ipsec_config add cacert -ldap command. This command requires the LDAP search filter (base and filter) for the certificate. HP used the following syntax to specify the base and filter for the CA certificates published in the Active Directory:
-base "cn=CA_commonName,cn=AIA,cn=Public Key Services,
cn=Services,cn=Configuration,active_directory_domain"
-filter "objectClass=certificationAuthority"
Where:
CA_commonName is the CN value for the CA, such as IPSecRootCA or IPSecIntermCA1.
active_directory_domain is the DN for the Active Directory domain, such as dc=HP-AD1,dc=hpipsec,dc=hp,dc=com.
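The following shell script is an added example and is not part of the HP whitepaper. It derives the -base value from a CA common name and the Active Directory domain DN, as described above, and generates one ipsec_config add cacert -ldap command for each of the five CAs the whitepaper loads. The password file path and the RUN variable are assumptions of the example; the AD host, CA names and bind user are the values shown in the whitepaper. Commands are printed (with the password masked) rather than executed unless RUN=1 is set, because ipsec_config exists only on an HP-UX IPSec host.

```sh
#!/bin/sh
# Added example, not from the HP whitepaper: build the -base value used for CA
# certificates published in the AD "AIA" container and generate one
# "ipsec_config add cacert -ldap" command per CA.
# Assumptions: the password is read from a mode-0600 file (a convention of this
# example, not an ipsec_config feature); commands are only printed unless RUN=1.

# Convert a DNS domain name (hp-ad1.hpipsec.hp.com) into the matching AD
# domain DN (dc=hp-ad1,dc=hpipsec,dc=hp,dc=com).
dns_to_dn() {
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    _dn=""
    for _label; do
        _dn="${_dn:+$_dn,}dc=$_label"
    done
    printf '%s' "$_dn"
}

# Build the base DN under which an AD CA publishes its certificate:
# cn=<CA CN>,cn=AIA,cn=Public Key Services,cn=Services,cn=Configuration,<domain DN>
aia_base_dn() {
    printf 'cn=%s,cn=AIA,cn=Public Key Services,cn=Services,cn=Configuration,%s' "$1" "$2"
}

# Print (or, with RUN=1, execute) the ipsec_config command for one CA.
# $1 = AD host, $2 = CA common name, $3 = domain DN, $4 = bind user, $5 = password
load_cacert() {
    _base=$(aia_base_dn "$2" "$3")
    if [ "${RUN:-0}" = 1 ]; then
        ipsec_config add cacert -ldap "$1" -base "$_base" \
            -filter "objectClass=certificationAuthority" \
            -user "$4" -password "$5"
    else
        # Dry run: show the command with the password masked.
        printf 'ipsec_config add cacert -ldap %s -base "%s" -filter "objectClass=certificationAuthority" -user %s -password ********\n' \
            "$1" "$_base" "$4"
    fi
}

AD_HOST=hp-ad1.hpipsec.hp.com        # LDAP server from the whitepaper
AD_DOMAIN=hp-ad1.hpipsec.hp.com      # AD domain; same name as the host in the whitepaper
AD_DN=$(dns_to_dn "$AD_DOMAIN")
BIND_USER=adminCW@hp.com
PASS_FILE=${PASS_FILE:-/var/adm/ipsec/ad-bind.pw}   # assumed path; create it with mode 0600
if [ -r "$PASS_FILE" ]; then
    BIND_PASS=$(cat "$PASS_FILE")
else
    BIND_PASS=myPass   # value shown in the whitepaper; only used in the dry run here
fi

# The five CAs whose certificates the whitepaper loads on host1.
for ca in IPSecRootCA IPSecIntermCA1 IPSecIntermCA2 IPSecEntCA1 IPSecEntCA2; do
    load_cacert "$AD_HOST" "$ca" "$AD_DN" "$BIND_USER" "$BIND_PASS"
done
```

Run the script once without RUN=1 to check the generated base DNs against the AD configuration partition, then with RUN=1 on the HP-UX host to load the certificates. Note that -password is a command-line argument, so its value is visible to other local users in ps output for as long as each ipsec_config invocation runs; reading it from a 0600 file keeps it out of shell history and scripts but does not remove it from the process list.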
On host1, HP entered the following commands to load the CA certificates from the Active Directory server on the host hp-ad1.hpipsec.hp.com:
ipsec_config add cacert -ldap hp-ad1.hpipsec.hp.com \
-base "cn=IPSecRootCA,cn=AIA,cn=Public Key Services,\
cn=Services,cn=Configuration,dc=hp-ad1,dc=hpipsec,dc=hp,dc=com" \
-filter "objectClass=certificationAuthority" \
-user "adminCW@hp.com" \
-password myPass
ipsec_config add cacert -ldap hp-ad1.hpipsec.hp.com \
-base "cn=IPSecIntermCA1,cn=AIA,cn=Public Key Services,\
cn=Services,cn=Configuration,dc=hp-ad1,dc=hpipsec,dc=hp,dc=com" \
-filter "objectClass=certificationAuthority" \
-user "adminCW@hp.com" \
-password myPass
ipsec_config add cacert -ldap hp-ad1.hpipsec.hp.com \
-base "cn=IPSecIntermCA2,cn=AIA,cn=Public Key Services,\
cn=Services,cn=Configuration,dc=hp-ad1,dc=hpipsec,dc=hp,dc=com" \
-filter "objectClass=certificationAuthority" \
-user "adminCW@hp.com" \
-password myPass
ipsec_config add cacert -ldap hp-ad1.hpipsec.hp.com \
-base "cn=IPSecEntCA1,cn=AIA,cn=Public Key Services,\
cn=Services,cn=Configuration,dc=hp-ad1,dc=hpipsec,dc=hp,dc=com" \
-filter "objectClass=certificationAuthority" \
-user "adminCW@hp.com" \
-password myPass
ipsec_config add cacert -ldap hp-ad1.hpipsec.hp.com \
-base "cn=IPSecEntCA2,cn=AIA,cn=Public Key Services,\
cn=Services,cn=Configuration,dc=hp-ad1,dc=hpipsec,dc=hp,dc=com" \
-filter "objectClass=certificationAuthority" \
-user "adminCW@hp.com" \