HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)
-alt-ipv4 ipv4_addr argument accordingly. For
example, the following specifies three IPv4 addresses:
-alt-ipv4 192.6.2.2 -alt-ipv4 192.6.2.3
-alt-ipv4 192.6.2.5
-alt-fqdn fqdn Specifies the Fully Qualified Domain Name (FQDN) you
want in the subjectAlternativeName field of the certificate,
such as myhost.acme.com. The FQDN is also referred to
as the Domain Name Service or DNS name. You can specify
up to 20 FQDNs by repeating the -alt-fqdn fqdn
argument accordingly. For example, the following specifies
two FQDNs:
-alt-fqdn myhost1.acme.com -alt-fqdn
myhost2.acme.com
-alt-user-fqdn user_fqdn1 Specifies the User-FQDN you want in the
subjectAlternativeName field of the certificate, such as
johnson@myhost.acme.com. You can specify up to 20
User-FQDNs by repeating the -alt-user-fqdn
user_fqdn argument accordingly. For example, the
following specifies two User-FQNDs:
-alt-user-fqdn johnson@myhost.acme.com
nichols@home.acme.com
Examples of the ipsec_config add csr command specifying multiple
alternative names
In the following example, the ipsec_config add csr command specifies two IPv4 addresses,
two FQDNs, and a single User-FQDN as alternative names in the specified certificate:
%ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-ipv4 192.6.2.2 -alt-ipv4 192.6.1.1 \
-alt-fqdn myhost.hp.com -alt-fqdn myhost2.hp.com \
-alt-user-fqdn roadrunner@acme.com
In the following example, the command specifies one IPv4 address, one FQDN, and two
User-FQDNs:
%ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-user-fqdn roadrunner@acme.com \
-alt-user-fqdn bunny@acme.com -alt-user-fqdn wolf@acme.com
New and changed features in A.03.00.00
The documentation reflects the following changes to the HP-UX IPSec product:
• “IKE policy changes” (page 11)
“Support for IKE version 2” (page 11)◦
◦ “IKEv1 and IKEv2 policies replace IKE policies” (page 11)
◦ “default IKEv1 and IKEv2 policies” (page 11)
◦ “The ipsec_config add ike command is deprecated” (page 11)
◦ “IKE DES encryption is obsolete” (page 11)
New and changed features in A.03.00.00 9