HP Tru64 UNIX Technical Updates for the Version 5.1B and Higher Operating System and Patches (February 2010)

a. Enter a certificate name, select a certificate encoding method, and enter the local path
to the certificate file.
b. If the certificate authenticates your system, select the encoding method and enter the
local path to the private key file.
c. If the certificate is trusted to sign other certificates, select CA Certificate. Otherwise, go
to step f.
d. If a Certificate Revocation List (CRL) is not available, select No Certificate Revocation
List (CRL) Available. Go to step f.
e. Select an encoding method for the CRL and enter a local path to the CRL file.
f. Select OK to accept the data and close the Add/Modify Certificates dialog box.
16. Select a certificate for the IKE exchange. Go to step 19.
17. If you selected pre-shared key, select Add an IKE pre-shared key. The Add/Modify IKE
Keys dialog box is displayed. Do the following:
a. Enter a key name and key value.
b. Select a local identity type.
c. Enter an identity string, usually your IP address or domain name.
d. Select OK to accept the data and close the Add/Modify IKE Keys dialog box.
18. Select a pre-shared key for the IKE exchange.
19. Select Next to close the Add/Modify Connection: IKE Authentication dialog box and display
the Add/Modify Connection: Optional IKE Parameters dialog box. Do the following:
a. Select any optional parameters.
b. Select an IKE group number for initial Diffie-Hellman exchanges, if it is different from
the IKE proposals.
c. If you are using Perfect Forward Secrecy (PFS), select a group number for future
Diffie-Hellman exchanges.
d. Select a default lifetime if the proposal does not specify a lifetime.
e. Select Finish to accept the data and close the Add/Modify Connection: Optional IKE
Parameters dialog box.
20. An informational dialog box is displayed that tells you the connection has been created.
Select OK to close this dialog box.
21. If you need to specify additional public-key certificates, select Add in the Public-Key
Certificates field to display an Add/Modify Certificates dialog box into which you can enter
information for the certificate. Do the following:
a. Enter the certificate name, select a certificate encoding method, and enter a local path
to the certificate file.
b. If the certificate authenticates your system, select a private key encoding method and
enter a local path to the private key file.
c. If the certificate is trusted to sign other certificates, select CA Certificate. Otherwise, go
to step f.
d. If a Certificate Revocation List (CRL) is not available, select No Certificate Revocation
List (CRL) Available. Go to step f.
e. Select an encoding method for the CRL and enter a local path to the CRL file.
f. Select OK to accept the data and close the Add/Modify Certificates dialog box.
22. Select OK in the IPsec main window to save the configuration information. Whether or not
IPsec is already running on your system, the Restart IPsec? dialog box is displayed. If you
want to start or restart IPsec, select OK; otherwise, select No. If you select No, you must
reboot the system to start or restart IPsec.
See the Network Administration: Connections manual for information on solving possible
interoperability problems.