Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX IPSec version A.01.06 Administrator's Guide: HP-UX 11i Version 2 > Chapter 4 Using Certificates with HP-UX IPSec

Retrieving the Certificate Revocation List (CRL)
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

If you are using VeriSign or Baltimore certificates, you must add an entry to the root user’s crontab file, located in /var/spool/cron/crontabs/root to periodically retrieve the Certificate Revocation List (CRL) from the VeriSign or Baltimore Certificate Authority. Alternately, you can manually retrieve the CRL using ipsec_mgr.

VeriSign

Add the following two lines to the root user’s crontab file.

# Retrieve the CRL from the Certificate Authority (for HP-UX IPSec)

[min] [hr] [mon_day] [month] [wkday] /var/adm/ipsec_gui/cron/crl.cron

The fields in brackets are placeholders. Replace them with appropriate values when you enter the lines into the crontab file.

For example, to retrieve the CRL every hour on the hour, add the following two lines and execute the crontab command to the root crontab file:

# Retrieve the CRL from the Certificate Authority (for HP-UX IPSec)

0 * * * * /var/adm/ipsec_gui/cron/crl.cron.

crontab /var/spool/cron/crontabs/root

For more information regarding cron jobs and the crontab file format, refer to the cron(1M) and crontab(1) man pages.

Baltimore

Add the following two lines to the root user’s crontab file.

# Retrieve the CRL from the Certificate Authority (for HP-UX IPSec)

[min] [hr] [mon_day] [month] [wkday] /var/adm/ipsec_gui/cron/baltimoreCRL.cron

The fields in brackets are placeholders. Replace them with appropriate values when you enter the lines into the crontab file.

For example, to retrieve the CRL every hour on the hour, add the following two lines and execute the crontab command to the root crontab file:

# Retrieve the CRL from the Certificate Authority (for HP-UX IPSec)

0 * * * * /var/adm/ipsec_gui/cron/baltimoreCRL.cron.

crontab /var/spool/cron/crontabs/root

For more information regarding cron jobs and the crontab file format, refer to the cron(1M) and crontab(1) man pages.

Manually Retrieving a CRL for VeriSign or Baltimore

Use the following procedure to manually retrieve a CRL:

  1. Click Get CRL on the Certificates tab of ipsec_mgr.

  2. A screen appears that tells you to wait for the system to retrieve the CRL.

  3. Once the IPSec system has retrieved the CRL, a success message appears.



Configuring Certificate IDs
  		 


Chapter 5 Troubleshooting HP-UX IPSec  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2003 Hewlett-Packard Development Company, L.P.