Manualshelf

HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
11121314151617181920
5 Compatibility and installation requirements
This section describes the compatibility information and installation requirements for this release.
For specific installation instructions, see the latest version of HP-UX IPSec version A.03.02.02
Administrator's Guide .
Operating system and version compatibility
HP-UX 11i v3 supports HP-UX IPSec A.03.02.02, A.03.01.01, and A.03.00.01.
Software requirements
HP-UX IPSec requires the following software:
PHNE_43412 patch on HP-UX 11i v3 systems
OpenSSL software version A.00.09.08q or later.
OpenSSL software can be obtained from the following:
On HP-UX 11i v3 systems, the software bundle SysMgmtMin includes OpenSSL software
that meets this requirement.
OpenSSL software for HP-UX is available at no charge from the HP Software Depot
website, at the following web address:
software.hp.com
Search for the product OpenSSL.
Disk requirements
The total size of the disk space required for the HP-UX IPSec product is 50 Mbytes. Requirements
for variable-length user files are listed below:
Configuration database file (/var/adm/ipsec/config.db): minimum of 50 kbytes per
policy file. Most configuration database files will be approximately 1 Mbyte or less. An
extremely large configuration database (thousands of entries) can be as large as 5 Mbytes.
Audit file: This file can grow very fast if Informative auditing is enabled. HP recommends 1
Mbyte for the Alerts and Errors level of logging, 5 Mbytes for the Warnings level, and 200
or more Mbytes for the Informative message level. Informative auditing could generate 3-5
Mbytes per hour. Audit files should be kept in a separate directory or file system. The default
directory is /var/adm/ipsec.
Hardware requirements
This version of HP-UX IPSec runs on HP 9000 and HP Integrity servers.
Public Key Infrastructure requirements
To use security certificates with HP-UX IPSec, your topology must meet the following requirements:
All security certificates must be administered using a PKI product from the same vendor. When
you configure HP-UX IPSec, you must configure only one PKI vendor for all security certificate
operations.
The PKI must support the following certificate file formats and access methods:
Certificate Signing Requests: If you use the ipsec_config utility to create a key pair
and Certificate Signing Request (CSR) that you will submit to the CA, the CA must support
CSRs in Public Key Cryptography Standards #10 format (PKCS#10), and encoded using
Operating system and version compatibility 19