HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)
0x and are using it with a release prior to A.03.00, the key values will not match. Change
the preshared key values on both systems.
• Configure the AUTOCONF flag in authentication records for autoconfiguration clients. In previous
releases, the AUTOCONF flag was set in host policies. The use of the AUTOCONF flag in host
policies is deprecated and might be removed in future product releases.
Certificate files
Beginning with release A03.00, HP-UX IPSec stores certificate and CRL files in new locations. The
ipsec_migrate utility performs the following tasks when migrating to HP-UX IPSec version
A.03.0x from previous versions:
• Extracts certificates, the private key and certificate data from the following files under the
/var/adm/ipsec/backup directory:
/var/adm/ipsec/cainfo.txt
/var/adm/ipsec/ipsec.key
/var/adm/ipsec/ipsec.cert
The ipsec_migrate utility prompts the user for the HP-UX IPSec password and uses the
password to decrypt and extract the private key. It also extracts the certificates for the local
system and CA and stores the certificates and keys in files under the /var/adm/ipsec/
certstore directory.
• If the file /var/adm/ipsec_gui/cron/crl.cron exists, ipsec_migrate creates a
soflink from this file to /var/adm/ipsec/util/crl.cron. The crl.cron is a file is a
script that can be executed from a cron job to periodically retrieve CRLs from LDAP directories.
This file was located in the/var/adm/ipsec_gui/cron directory in previous releases.
You can modify and resubmit the root crontab file to execute the /var/adm/ipsec/util/
crl.cron script directly.
Postinstallation migration instructions 23