HP-UX Trusted Computing Services A.02.00 Administrator's Guide
Determining the TPM OpenSSL Engine Library
Stunnel Configuration File
Stunnel TPM Key Information
Stunnel TPM Engine Information
Stunnel Configuration File on myClient for telnet
Stunnel Configuration File on myServer for telnet
Distributing and Installing Stunnel X.509 Certificates
Testing the Configuration
Stunnel and Mail Example
Creating and Distributing TPM-Protected Certificates
Stunnel Configuration on myClient for Mail Clients
Stunnel Configuration File on myServer for Mail Services
Stunnel and Secure LDAP Example
Creating and Distributing TPM-Protected Certificates
Stunnel Configuration on myClient for Secure LDAP
HP-UX Apache-based Web Server Configuration
Secure LDAP Server Configuration
Backing Up Keys
6 Using TCS RSA Keys with HP-UX Secure Shell
Overview
The tpmcreate Utility
TPM OpenSSL Engine Libraries
Requirements
Configuring SSH Servers to Use TCS Keys
Sample Configuration Files
Step 1: Creating a TCS RSA Key Pair for SSH
Step 2: Determining the TPM OpenSSL Engine Library for SSH
Step 3: Modifying the sshd Configuration File
Step 4: Installing and Modifying the OpenSSL Configuration File
TCS Sample OpenSSL Configuration File
Using the TCS Sample OpenSSL Configuration File as a Standalone File
Modifying the TCS Sample OpenSSL Configuration File
Merging the TCS Sample OpenSSL Configuration File with an Existing File
Step 5: Distributing and Installing the SSH Server Public Key
Step 6: Resetting the sshd Daemon
Examples
SSH User Session
SSH Tunnels for Mail Services
Backing Up Keys
7 Protecting EVFS Keys with TCS
Overview
TCS Protection for EVFS Keys
Configuring EVFS to Use TCS
Using the evfs_setup Script to Update Configuration Files
Manually Updating Configuration Files
Backing Up and Migrating Keys
Configuring EVFS with TCS for Serviceguard Clusters
8 Advanced TCS Administration
Managing Keys