HP-UX Software Assistant Reference (November, 2010)

-x crl_check=true
Usage: Advanced
When set to true, SWA will require the Certificate Revocation List (CRL) to be updated and
checked for the trusted Certificate Authority (CA) certificate being used to validate the remote
server.
In the unlikely event that the private key of the server pointed to by the catalog_source
option is suspected of being compromised, the CA will revoke the server's certificate and add
it to its list of revoked certificates. See swa-report(1M) for information about the
catalog_source option.
The CRL must be signed by the same certificate chain that signed the host certificate being
checked. Checking the CRL requires regular downloads from the CA, which can lengthen the
SWA run time. If you do not wish to validate a revocation list, set this to false.
-x crl_url=http://crl.verisign.com/RSASecureServer.crl
Usage: Advanced
The URL of the CRL. See the crl_check option for more information. If you are behind a
proxy server, then you will need to configure the proxy information for the protocol being used
to download the CRL.
-x download_cmd=
Usage: Intermediate
The download_cmd extended option can be used to override the default SWA download
commands, and therefore the protocols SWA uses to download the catalog and patch files.
The command is enclosed in single quotes ('). This option is useful in cases where a system
does not have a direct connection to the Internet, but can execute a command that can download
a URL from the Internet (for example, by using a gateway machine).
Using this option overrides many options which are used by the internal SWA download
functionality, including proxy and CRL configuration.
The command specified with this option must:
• Take one argument supplied by SWA: the URL of the file content to download.
• Output the retrieved file content to standard output.
The command given in the download_cmd extended option is always run with elevated privileges.
If the actual command in your environment behaves differently, it can be wrapped by a shell
script in order to provide the interface that SWA needs.
Note: Programs like wget, curl, and Perl's GET can be used to pass the contents of a URL
to standard output. These commands may provide support for different types of proxies or can
be used with ssh to work with a gateway server. The GET command provides basic
functionality. The wget and curl commands provide extended functionality and are provided
with HP-UX 11i Internet Express (see http://www.hp.com/go/internetexpress). All three of
these commands are available for operating systems other than HP-UX, such as Linux and
Windows. For example, some external commands can authenticate using Windows NT®-based
domain passwords to a Microsoft® web proxy, which is not directly supported by SWA.
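The following wrapper is an added example, not part of the HP reference. It shows a script that provides the download_cmd interface described above while checking the URL before it reaches a gateway's shell, which matters because the command runs with elevated privileges. The script name, gateway login, allowed hosts, allowed schemes, and the use of curl on the gateway are assumptions.

```shell
#!/bin/sh
# swa_fetch.sh (hypothetical name): wrapper giving SWA the download_cmd
# interface: one argument (the URL), file content on standard output.
# Assumptions, not from the reference: the gateway login, the allowed
# hosts and schemes below (placeholders), and curl on the gateway.
LC_ALL=C; export LC_ALL            # make the A-Z/a-z ranges byte-exact

GATEWAY="swafetch@gateway.example.com"
ALLOWED_HOSTS="catalog.example.com patches.example.com"

# Return 0 only for URLs that are safe to hand to the gateway's shell.
url_is_safe() {
    # Reject any character outside a conservative set (quotes, spaces,
    # semicolons, pipes, dollar signs, at signs and so on).
    case "$1" in
        *[!A-Za-z0-9._~:/?=%+-]*) return 1 ;;
    esac
    # Allowed schemes only.
    case "$1" in
        https://*|ftp://*) ;;
        *) return 1 ;;
    esac
    host=${1#*://}                 # drop scheme
    host=${host%%/*}               # drop path
    host=${host%%:*}               # drop port
    for h in $ALLOWED_HOSTS; do
        if [ "$host" = "$h" ]; then return 0; fi
    done
    return 1
}

# Print the command line run on the gateway. ssh joins its arguments into
# one string for the remote shell, so the URL is single-quoted; that is
# safe because url_is_safe never admits a single quote.
remote_cmd() {
    printf "curl --fail --silent --show-error '%s'" "$1"
}

# Validate, then stream the file from the gateway to standard output.
# curl verifies TLS certificates by default; do not add --insecure, since
# download_cmd bypasses SWA's own proxy and CRL settings.
fetch() {
    if ! url_is_safe "$1"; then
        echo "swa_fetch: refusing URL: $1" >&2
        return 2
    fi
    ssh -o BatchMode=yes "$GATEWAY" "$(remote_cmd "$1")"
}

# SWA supplies exactly one argument; do nothing when run without one.
if [ "$#" -eq 1 ]; then fetch "$1"; exit $?; fi
```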
Example: Use SWA with a Gateway
This example requires SWA version C.02.80 or later. Download the latest version of SWA
from http://www.hp.com/go/swa-download.
If you would like to use SWA without direct internet access, you can use the download_cmd
extended option and a gateway server to access the catalog and patch files. This gateway
can be a non-HP-UX system.
We will use GET to download the catalog, since the catalog is not very large, and use wget
within a script to download the patches.