HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)

Privacy-Enhanced Mail (PEM) base64 encoding. This CSR format is typically used for
copy-and-paste certificate requests.
If you are using a CA or PKI utility to create the key pair and CSR, the CA must provide
the certificate for the local system and the private key in a PKCS#12 encoded file.
Certificates: The CA must provide X.509 Version 3 certificates encoded using one of the
following formats:
• Privacy-Enhanced Mail base64 (PEM)
• Distinguished Encoding Rules (DER)
• PKCS#12 (valid only for the local system certificate; not valid for CA certificates)
The ipsec_config utility can load a certificate from a local file. The ipsec_config
utility can also retrieve the certificate from an LDAP directory.
Certificate Revocation Lists: The CA must provide X.509 Version 1 or X.509 Version 2
Certificate Revocation Lists (CRLs).
Implementations that meet these requirements include:
• OpenSSL
• Microsoft Windows 2003 Certification Authority

Multiple-level CA requirements

If you are using a multiple-level CA structure, or chained CAs, you must have a certificate for each
CA in the authentication chain to the peer, and a CRL for each CA. In other words, you must have
a certificate and CRL for each of the following CAs:
• the root CA
• each CA in the authentication chain from the local system to the root CA
• each CA in the authentication chain from the peer system to the root CA
Each certificate and CRL must be contained in a separate certificate file or directory object; HP-UX
cannot store multiple certificates or CRLs from a single file or directory object.
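
Because of the one-object-per-file rule above, a PEM bundle that carries a CA chain and a CRL in one file has to be split before the pieces are loaded. The following is an added example, not part of the HP release notes: a POSIX shell function that writes each certificate and CRL in a bundle to its own file. The function names, the output naming scheme, and the placeholder bundle contents are assumptions made for illustration.

```shell
# Constructed sample bundle: two certificates and one CRL in one file.
# The base64 bodies are placeholders, not real certificates.
make_sample_bundle() {
cat > "$1" <<'EOF'
subject=CN=constructed-root-ca
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN X509 CRL-----
Q09OU1RSVUNURUQ=
-----END X509 CRL-----
EOF
}

# split_pem_bundle BUNDLE OUTDIR: one output file per certificate or CRL.
# Text outside the PEM armor is dropped. Prints the number of objects written.
split_pem_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN (X509 CRL|CERTIFICATE)-----/ {
            n++
            kind = ($0 ~ /CRL/) ? "crl" : "cert"
            out = sprintf("%s/%s-%02d.pem", dir, kind, n)
            inside = 1
        }
        inside { print > out }
        /^-----END (X509 CRL|CERTIFICATE)-----/ {
            if (inside) close(out)
            inside = 0
        }
        END { print n + 0 }
    ' "$1"
}

# count_pem_objects FILE: a file is safe to load only if this prints 1.
count_pem_objects() {
    awk '/^-----BEGIN (X509 CRL|CERTIFICATE)-----/ { n++ } END { print n + 0 }' "$1"
}

# Demo on the constructed bundle; mkdir without -p fails if the path exists.
work=${TMPDIR:-/tmp}/pemsplit.$$
if mkdir "$work"; then
    make_sample_bundle "$work/bundle.pem"
    split_pem_bundle "$work/bundle.pem" "$work/out"
    ls "$work/out"
    rm -rf "$work"
fi
```

The splitter only separates PEM armor blocks; it does not check that each block is a valid X.509 object or that the chain is complete up to the root CA.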
20 Compatibility and installation requirements