Using Microsoft Certificates with HP-UX IPSec A.03.00
HP used the sample CAPolicy.inf file provided in the Microsoft PKI document without modifications.
Save this file in %Systemroot%\CAPolicy.inf.
2. Install the offline root CA software components.
HP used the Microsoft Components Wizard to install the Certificate Services components.
HP did not install Internet Information Services (IIS) for web enrollment support.
For CA Type, select Stand-alone root CA.
For CA Identifying Information, HP specified the following data:
Common name for this CA: IPSecRootCA
Distinguished name suffix: dc=HP-AD1,dc=hpipsec,dc=hp,dc=com
Because the CA type is Stand-alone root CA, the Wizard creates a self-signed certificate as part of
the installation process.
3. Verify the root CA certificate.
Enter the certutil -ca.cert filename command to save the certificate to a file, where
filename is the name of the CA certificate file, such as IPSecRootCA.cer. Make a note of the
file name; you will need it in later steps.
Enter the certutil.exe filename command to display the contents of the CA certificate file.
4. Verify the root CA configuration information using the certutil -cainfo command.
5. Configure the root CA. HP used the sample script for configuring a corporate root CA in the
Microsoft PKI document with the following modifications:
myADnamingcontext: The value for myADnamingcontext must be set to the namespace
of the forest root domain. This value is used to set or map the Active Directory namespace for
the CRL location and is used when the CRL is published.
HP set this value as follows:
SET myADnamingcontext=dc=HP-AD1,dc=hpipsec,dc=hp,dc=com
myhttpPKIvroot: HP set this value as follows:
SET myhttpPKIvroot=http://www.hp.com/pki
HP did not specify a value for the myLDAPserver variable.
Configuring the intermediate CAs
HP used the procedure described for configuring a standalone offline intermediate CA in the
Microsoft PKI document.
HP configured two intermediate CAs with the CNs IPSecIntermCA1 and IPSecIntermCA2.
The major steps and notes for these steps are as follows:
1. Prepare the CAPolicy.inf file for the intermediate CA.
HP used the sample CAPolicy.inf file provided for intermediate CAs in the Microsoft PKI
document without modifications.
2. Obtain the certificate and CRL from the root CA.
HP used the procedure described in the Microsoft PKI document for this task. On the root CA, HP
used the certutil -ca.cert filename command and the certutil -GetCRL
filename command to copy the root CA certificate and CRL to removable media.
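The following added example (not part of the HP or Microsoft procedure) checks that the root CA certificate file read back from the removable media still matches a fingerprint noted while the certificate was displayed on the root CA. The function names are hypothetical, the sample bytes are constructed, and it assumes the noted fingerprint is a SHA-1 or SHA-256 hash written as hex with optional spaces or colons.

```python
import base64, hashlib, hmac, re, sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
ALGO_BY_LEN = {40: "sha1", 64: "sha256"}      # hex digits -> digest name
SAMPLE_DER = b"\x30\x03\x02\x01\x05"          # constructed bytes, not a real certificate

def to_der(data: bytes) -> bytes:
    """Return DER bytes from a binary (DER) or Base64/PEM certificate file."""
    if data[:1] == b"\x30":                   # ASN.1 SEQUENCE tag: already DER
        return data
    m = PEM_RE.search(data)
    body = m.group(1) if m else data          # bare Base64 has no PEM armour
    return base64.b64decode(b"".join(body.split()), validate=True)

def normalize(recorded: str) -> str:
    """Accept 'ab cd ..', 'AB:CD:..' or 'abcd..' and return lowercase hex."""
    hexstr = re.sub(r"[\s:]", "", recorded).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError("recorded fingerprint is not hexadecimal")
    return hexstr

def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Hash the DER form so Base64 and binary copies give the same value."""
    return hashlib.new(algo, to_der(data)).hexdigest()

def matches(data: bytes, recorded: str) -> bool:
    """True only if the file hashes to the fingerprint noted at the root CA."""
    want = normalize(recorded)
    algo = ALGO_BY_LEN.get(len(want))
    if algo is None:
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint")
    return hmac.compare_digest(fingerprint(data, algo), want)

if __name__ == "__main__":
    # usage: python check_fp.py IPSecRootCA.cer "<fingerprint noted at root CA>"
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            data, recorded = f.read(), sys.argv[2]
    else:                                     # no arguments: run on the constructed sample
        data, recorded = SAMPLE_DER, hashlib.sha1(SAMPLE_DER).hexdigest()
    ok = matches(data, recorded)
    print("fingerprint matches" if ok else "MISMATCH: do not install this certificate")
    sys.exit(0 if ok else 1)
```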