Using Microsoft Certificates with HP-UX IPSec A.03.00

3. Import the Root CA certificate and CRL into the intermediate CA.
HP used a batch file containing certutil -addstore -f Root commands for this task as
described in the Microsoft PKI document.
4. Verify the Root CA certificate on the intermediate CA.
HP used the certutil -verifystore root command to complete this task.
5. Install the offline intermediate CA software components.
HP used the Microsoft Components Wizard to install the Certificate Services components.
For CA type, select Stand-alone subordinate CA.
For CA Identifying Information, HP specified the following data:
Common name for this CA: IPSecIntermCA1 (on the second intermediate CA, specify
IPSecIntermCA2)
Distinguished name suffix: dc=HP-AD1,dc=hpipsec,dc=hp,dc=com.
The Wizard creates a certificate request for the intermediate CA and saves it to a file as part of
the installation process.
6. Process the certificate request on the Root CA.
Transfer the certificate request file to the root CA. On the root CA, process the certificate request to
create a certificate for the intermediate CA.
HP used the Microsoft Management Console (MMC) snap-in on the root CA to process the
certificate request from the intermediate CA as described in the Microsoft PKI document.
7. Export the intermediate CA certificate from the root CA.
On the root CA, you must export the certificate for the intermediate CA to a file that also contains
the root CA certificate. When exporting the certificate, select Cryptographic Message Syntax
Standard - PKCS#7 Certificates (P7B) and select Include all certificates in the certification path if
possible.
HP saved the PKCS#7 file on removable media for transfer to the intermediate CAs.
8. Install the certificate on the intermediate CA.
Before installing the certificate on the intermediate CA, HP used the certutil -verify
command as described in the Microsoft PKI document to verify the PKCS#7 file.
HP used the certutil.exe -installcert command as described in the Microsoft PKI
document to install the PKCS#7 file on the intermediate CA.
9. Configure the intermediate CA.
HP used the sample script for configuring an intermediate CA that is provided in the Microsoft PKI
document, with the following modifications:
myADnamingcontext: The value for myADnamingcontext is set to the namespace of the
forest root domain.
HP set this value as follows:
SET myADnamingcontext=dc=HP-AD1,dc=hpipsec,dc=hp,dc=com
myhttpPKIvroot: HP set this value as follows:
SET myhttpPKIvroot=http://www.hp.com/pki
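
As a supplement to the certutil -verify check in step 8, the following added example (not part of the HP or Microsoft documents) confirms that the PKCS#7 file exported in step 7 really carries both the root CA certificate and the certificate for the expected intermediate CA, and that the path builds to that root. The file path is a hypothetical placeholder, and the script assumes PowerShell is available on a machine where the root CA certificate is already trusted (step 3).

```powershell
# Added example: pre-install check of the PKCS#7 (P7B) file from step 7.
param(
    [string]$P7bPath    = 'A:\IPSecIntermCA1.p7b',  # hypothetical path on the removable media
    [string]$ExpectedCN = 'IPSecIntermCA1'          # IPSecIntermCA2 on the second intermediate CA
)
$ErrorActionPreference = 'Stop'

# Load every certificate carried in the P7B file.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($P7bPath)

# The export should contain one self-signed root and one certificate for this CA.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$root  = @($certs | Where-Object { $_.Subject -eq $_.Issuer })
$inter = @($certs | Where-Object { $_.GetNameInfo($nameType, $false) -eq $ExpectedCN })
if ($root.Count  -ne 1) { throw "Expected one self-signed root certificate, found $($root.Count)" }
if ($inter.Count -ne 1) { throw "Expected one certificate for $ExpectedCN, found $($inter.Count)" }

# The intermediate must name that root as issuer and be marked as a CA
# (Basic Constraints, OID 2.5.29.19).
if ($inter[0].Issuer -ne $root[0].Subject) {
    throw 'Intermediate CA certificate was not issued by the root in this file'
}
$bc = $inter[0].Extensions['2.5.29.19']
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Basic Constraints does not mark this certificate as a CA'
}

# Build the path using the certificates from the file as candidates.
# Revocation is not evaluated here; this checks the path and trust only.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.ExtraStore.AddRange($certs)
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($inter[0])) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation.Trim())" }
    throw 'Certification path did not validate'
}

# The path must end at the root that travelled in the file, not some other trusted root.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($top.Thumbprint -ne $root[0].Thumbprint) {
    throw 'Path ends at a different root than the one in the P7B file'
}
'OK: {0} chains to {1}' -f $inter[0].Subject, $root[0].Subject
```

A failure at any check means the file should not be passed to certutil.exe -installcert until the export in step 7 has been repeated.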