Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Installing and Administering IPSec/9000 > Chapter 1 Installing and Configuring IPSec/9000

Step 10: Retrieving the Certificate Revocation List (CRL)
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

If you are using VeriSign or Baltimore certificates, you must add an entry to the root user's crontab file, located in /var/spool/cron/crontabs/root to periodically retrieve the Certificate Revocation List (CRL) from the VeriSign or Baltimore Certificate Authority.

VeriSign

Add the following two lines to the root user's crontab file.

# Retrieve the CRL from the Certificate Authority (for IPSec/9000)

[min] [hr] [mon_day] [month] [wkday] /var/adm/ipsec_gui/cron/crl.cron

The fields in brackets are placeholders. Replace them with appropriate values when you enter the lines into the crontab file.

For example, to retrieve the CRL every hour on the hour, add the following two lines and execute the crontab command to the root crontab file:

# Retrieve the CRL from the Certificate Authority (for IPSec/9000)

0 * * * * /var/adm/ipsec_gui/cron/crl.cron.

crontab /var/spool/cron/crontabs/root

For more information regarding cron jobs and the crontab file format, refer to the cron(1M) and crontab(1) man pages.

NOTE: The cron job that automatically retrieves the VeriSign Certificate Revocation List (CRL) on HP-UX 11.0 will not work on VirtualVault. The network administrator must perform the operation manually.

Baltimore

Add the following two lines to the root user's crontab file.

# Retrieve the CRL from the Certificate Authority (for IPSec/9000)

[min] [hr] [mon_day] [month] [wkday] /var/adm/ipsec_gui/cron/baltimoreCRL.cron

The fields in brackets are placeholders. Replace them with appropriate values when you enter the lines into the crontab file.

For example, to retrieve the CRL every hour on the hour, add the following two lines and execute the crontab command to the root crontab file:

# Retrieve the CRL from the Certificate Authority (for IPSec/9000)

0 * * * * /var/adm/ipsec_gui/cron/baltimoreCRL.cron.

crontab /var/spool/cron/crontabs/root

For more information regarding cron jobs and the crontab file format, refer to the cron(1M) and crontab(1) man pages.

NOTE: The cron job that automatically retrieves the Baltimore Certificate Revocation List (CRL) on HP-UX 11.0 will not work on VirtualVault. The network administrator must perform the operation manually.

Entrust

You do not need to configure the crontab file or perform any additional actions to retrieve the Entrust CRL. These steps are performed transparently for you by the Entrust/IPSec/9000 software.



Step 9: Configuring Boot-up Options
  		 


Step 11: Verifying the Installation  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2001 Hewlett-Packard Development Company, L.P.