Using Microsoft Certificates with HP-UX IPSec A.03.00
The clients use certificates issued by the issuing CAs for IPsec IKE authentication. The client host1 is
an HP-UX system with HP-UX IPSec A.03.00 installed. The client host2 is a Microsoft Windows XP
system with Service Pack 2 (SP2) installed.
NOTE: When using a multilevel or multitier PKI topology, the HP-UX IPSec version must be A.03.00
or later. HP-UX IPSec version A.02.01 does not support multilevel PKIs but is compatible with
Microsoft Windows enterprise CAs.
Figure 1 shows the PKI topology and the IPsec hosts.
Figure 1. PKI Topology with IPsec Hosts
The hpent1 system (the IPSecEntCA1 CA) is configured as a member of the following Active
Directory domain:
dc=HP-AD1,dc=hpipsec,dc=hp,dc=com
This is also the Active Directory forest root domain.
The hpent2 system (the IPSecEntCA2 CA) is configured as a member of the following Active
Directory domain:
dc=HP-AD2,dc=hpipsec,dc=hp,dc=com