HP-UX Trusted Computing Services A.02.00 Administrator's Guide
Determining the Compiler Data Model
If you do not know the compiler data model used to compile an application, use the file
command to report the object file type. An application can load only shared libraries built
with the same data model, so this result determines which TPM engine library you load in
Step 3. In the following example, stunnel was compiled using a 32-bit (ELF-32) data model:
# file /usr/sbin/stunnel
/usr/sbin/stunnel: ELF-32 executable object file - IA64
Step 3: Specifying Engine Information for the Application
You must provide the following information about the TPM engine to the OpenSSL application:
• The location of the appropriate TPM OpenSSL engine library
• Any control commands or directives needed to identify, load, and initialize the TPM engine
• The location of the TPM-protected private key
• The location of the X.509 certificate associated with the TPM-protected private key
For most applications, you specify this information in a configuration file. The specific syntax
varies according to the application and the engine mechanism used.
You might also need to specify that you want to use the engine named dynamic. The dynamic
engine accepts OpenSSL engine control commands to load the TPM engine from the specified
TCS library and initialize the engine.
For an example of application configuration data for the TPM engine, see “Stunnel TPM Engine
Information” (page 46).
Step 4: Distributing the X.509 Certificate
After you have obtained an X.509 certificate associated with a TPM-protected private key,
distribute it as you normally would according to the application requirements.
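The following POSIX shell script is an added example; it is not code from this guide or from HP's Stunnel package. It ties Step 3 to the data-model check above: it reads a file(1) report to decide whether the application is ELF-32 or ELF-64, picks the engine library with the same data model, and prints stunnel.conf directives that load the TPM engine through OpenSSL's dynamic engine and point the service at the TPM-protected key and its certificate. The library paths, the key and certificate locations, the engine id tpm, and the stunnel 4.x engineNum directive are assumptions; the guide's own configuration example is on page 46.

```shell
#!/bin/sh
# Added example for Step 3 above; not code from the HP-UX TCS guide or from
# the Stunnel package. Selects the TPM engine library whose data model matches
# the application binary and prints stunnel.conf directives for it.
# ASSUMPTIONS: library paths, key/certificate paths and engine id "tpm" are
# placeholders; the service section uses the stunnel 4.x "engineNum" directive.

# Parse a file(1) report and print the data model, "32" or "64".
# Accepts the HP-UX form ("ELF-32 executable object file - IA64") and the
# GNU form ("ELF 64-bit LSB executable ...").
elf_data_model() {
    case "$1" in
        *ELF-32*|*"ELF 32-bit"*) echo 32 ;;
        *ELF-64*|*"ELF 64-bit"*) echo 64 ;;
        *) echo "elf_data_model: not an ELF object: $1" >&2; return 1 ;;
    esac
}

# Data model of an installed binary, obtained by running file(1) on it.
binary_data_model() {
    elf_data_model "$(file "$1")"
}

# Hypothetical library locations (ASSUMED; use the paths your TCS install documents).
TPM_ENGINE_LIB32=/opt/tcs/lib/libtpm_engine.so
TPM_ENGINE_LIB64=/opt/tcs/lib/64/libtpm_engine.so

# Engine library for a data model. A process cannot load a shared library built
# with the other data model, so this choice must match the application binary.
tpm_engine_lib_for() {
    case "$1" in
        32) echo "$TPM_ENGINE_LIB32" ;;
        64) echo "$TPM_ENGINE_LIB64" ;;
        *)  echo "tpm_engine_lib_for: unsupported data model '$1'" >&2; return 1 ;;
    esac
}

# Print stunnel.conf text for one service.
# $1 engine library  $2 TPM keyblob (private key)  $3 X.509 certificate (PEM)
# $4 service name    $5 accept port                $6 connect target
stunnel_engine_conf() {
    cat <<EOF
; global section: load the TPM engine through OpenSSL's "dynamic" engine
engine = dynamic
engineCtrl = SO_PATH:$1
engineCtrl = ID:tpm
engineCtrl = LOAD
engineCtrl = INIT

[$4]
accept = $5
connect = $6
; engineNum (stunnel 4.x) selects the first loaded engine for reading the key
engineNum = 1
key = $2
cert = $3
EOF
}

# Glue: given the application binary and key material, print the whole config.
stunnel_engine_conf_for_binary() {
    model=$(binary_data_model "$1") || return 1
    lib=$(tpm_engine_lib_for "$model") || return 1
    stunnel_engine_conf "$lib" "$2" "$3" "$4" "$5" "$6"
}

# Usage (runs only when given the stunnel binary as the single argument):
#   sh tpm_engine_conf.sh /usr/sbin/stunnel > /etc/opt/stunnel/stunnel.conf
# Port 992 is telnets; the paths are assumed placeholders.
if [ $# -eq 1 ]; then
    stunnel_engine_conf_for_binary "$1" \
        /etc/opt/tcs/myServerKeyblob /etc/opt/tcs/myServer_cert.pem \
        telnet 992 127.0.0.1:23
fi
```

The data-model parser is the part worth keeping even if the stunnel syntax on your version differs: loading a library of the wrong data model fails at engine load time, and the error from the dynamic engine is rarely explicit about the cause.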
Stunnel Examples
Stunnel provides secure, encrypted communication channels between network nodes.
Administrators can secure communication for network applications such as telnet and mail
by redirecting the application packets through a Stunnel connection. Stunnel is available for
free as part of the HP-UX Internet Express bundle from the HP software depot website at
http://software.hp.com. The HP support policy for Stunnel is described in the HP-UX Internet
Express Product Overview Guide.
The following sections contain specific examples of how to create and configure certificates with
TPM-protected keys for Stunnel authentication:
• “Stunnel and telnet Example” (page 45)
• “Stunnel and Mail Example” (page 48)
• “Stunnel and Secure LDAP Example” (page 51)
Stunnel and telnet Example
This example configures a simple Stunnel tunnel for telnet requests from myClient to myServer.
You can use a similar configuration to test TCS operation with Stunnel before configuring more
complex Stunnel topologies.
Creating Certificates with TPM-Protected Keys
On myClient, create a TCS RSA key pair (myClientKeyblob):
myClient> tpmcreate myClientKeyblob
Create the certificate request (myClient_csr.pem) using the key pair with the OpenSSL 0.9.8
openssl req command. Specify the -keyform engine and -engine tpm options: