HP-UX IPSec version A.01.06 Administrator's Guide: HP-UX 11i Version 2 > Chapter 4 Using Certificates with HP-UX IPSec

Configuring Certificate IDs


HP-UX IPSec uses certificate ID information to verify the identity that the remote system sends as part of the ISAKMP negotiation. HP-UX IPSec then matches that identity against the information in the remote system’s certificate.

HP-UX IPSec uses the IP address of the remote system, from the destination address in the ISAKMP negotiation IP packet, to select the certificate ID entry. IPSec then checks that the ID type and value match what the remote system sends in an ISAKMP ID payload. IPSec also checks that the value matches the corresponding information in the remote system’s certificate.

An HP-UX IPSec system always sends an IP address ID type, with a local IP address as the ID value.

You do not need to configure any certificate IDs if you only use certificate-based authentication with single-address HP-UX systems. You must configure certificate IDs if you use certificate-based authentication with the following types of systems:

  • Other vendors’ systems that do not send IPv4 addresses in the ISAKMP ID payload and security certificate. For example, Microsoft systems use the Subject DN (Distinguished Name) as the ID type.

  • Multi-homed systems. If a system is multi-homed (has multiple IP addresses), you must configure a certificate ID for each IPv4 address of the system, with the ID type set to IPv4 and the ID value set to the IP address that appears as the SubjectAlternativeName in the system’s certificate. You must configure the same entries on the remote systems that will use certificate-based authentication to communicate with this system.
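
The three checks described above (select the entry by remote IP address, compare the ISAKMP ID payload, compare the certificate) can be modelled as follows. This is an added illustration, not HP-UX IPSec code: the table contents, the `IPV4` and `SUBJECT_DN` labels, the function names and the behaviour when no entry exists are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple

@dataclass(frozen=True)
class PeerCert:
    """The certificate fields used for ID matching (constructed model)."""
    subject_dn: str
    san_ipv4: Tuple[str, ...] = ()

# Constructed certificate ID table: remote IP address -> (ID type, ID value).
# "IPV4" and "SUBJECT_DN" are placeholder labels, not the product's keywords.
CERT_IDS: Dict[str, Tuple[str, str]] = {
    "192.0.2.10": ("IPV4", "192.0.2.10"),        # multi-homed peer, address 1
    "198.51.100.10": ("IPV4", "198.51.100.10"),  # same peer, address 2
    "192.0.2.50": ("SUBJECT_DN", "CN=gw1,O=Example,C=US"),  # peer sending its DN
}

def canon(id_type: str, value: str) -> str:
    """Canonical form for comparison; raises ValueError on a malformed IPv4 value."""
    if id_type == "IPV4":
        return str(ipaddress.IPv4Address(value.strip()))
    # Simplified DN comparison: ignore case and spaces around separators.
    return ",".join(part.strip().lower() for part in value.split(","))

def check_peer_id(remote_ip, id_type, id_value, cert, table=CERT_IDS):
    """Return (accepted, reason) for the ID a peer sent during negotiation."""
    # 1. Select the entry by the peer's IP address. Assumption: with no entry,
    #    expect an IPv4 ID equal to that address (what HP-UX peers send).
    exp_type, exp_value = table.get(remote_ip, ("IPV4", remote_ip))
    # 2. The ID payload must carry the configured type and value.
    if id_type != exp_type:
        return False, "id-type-mismatch"
    try:
        sent, expected = canon(id_type, id_value), canon(exp_type, exp_value)
        # 3. The same value must also appear in the peer's certificate.
        if id_type == "IPV4":
            in_cert = any(canon("IPV4", a) == sent for a in cert.san_ipv4)
        else:
            in_cert = canon("SUBJECT_DN", cert.subject_dn) == sent
    except ValueError:
        return False, "malformed-id"
    if sent != expected:
        return False, "id-value-mismatch"
    return (True, "ok") if in_cert else (False, "not-in-certificate")
```

The multi-homed case shows why each address needs its own entry and its own SubjectAlternativeName value: a negotiation arriving from the second address is accepted only if that address is both configured and present in the certificate.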

Follow these steps to configure a certificate ID:

  1. On the Certificate ID tab, click Create.

  2. The Create a Certificate ID screen appears. Enter the IP address of the system associated with the certificate. This can be either the local host IP address, or the IP address of a remote host if you are configuring an ID for a remote host certificate.

  3. Choose the ID type you want to use to validate the certificate from the ID Type list.

    For more information about the different ID types, go to the online help, or see Appendix D “Configuration Reference”.

  4. The Value fields for the ID type you chose appear. Enter the value or values for the ID.

    For more information on the Value fields, go to the online help or see Appendix D “Configuration Reference”.

  5. Click OK. The new certificate ID information appears on the Certificate ID tab.

© 2003 Hewlett-Packard Development Company, L.P.