iTP Secure WebServer System Administrators Guide (Version 7.5+)
Generating a New Key Pair
Before you generate a key pair, you must obtain these items:
• The certificate-request form from a Certificate Authority.
You can access this form from the Certificate Authority's home page on the Web.
• The DN you have decided to use to identify your server.
• The password associated with the server's key database file. If you plan to use an existing
key database file, you must know the password associated with it. If you plan to create a new
key database file, you must choose a password.
For information about the server key database file and the password used to encrypt it, see
“KeyDatabase” (page 217) and “ServerPassword” (page 252).
To generate a new key pair, use the keyadmin command shown.
NOTE: You can use the -force option only at the end of the command.
Enter the entire command on a single command line. If a continuation character is necessary, you
must use the backslash (\) character as shown; the backslash is not permitted to break the DN
value across lines.
bin/keyadmin -keydb keydb [ -mkpair ] -dn 'dn' \
[-length key-length] [-verbose]
NOTE: The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
The command arguments have these functions:
-keydb keydb
specifies the name of the key database file that will store the private key of the new
key pair (along with the key's DN).
If the database you specify is nonexistent, the server creates the database for you
and notifies you that the new database was created.
-mkpair
instructs the server to generate a random key pair that has a default length of 1024
bits.
If you omit -mkpair, this command generates both a random key pair and a
certificate request.
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN in apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, be sure to enclose any value containing
a comma with quotation marks (").
The keyadmin command accepts these characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
-length key-length
specifies the length of the key in bits. This option allows you to control the size of
the encryption key. The default key size is 1024 bits. The minimum key size is 1024
bits. The maximum key size is 4096 bits.
-verbose
Managing Certificates 57
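As an added pre-flight example (not from the guide or the iTP Secure WebServer software), the following Python helper applies the rules stated above: it keeps the DN fields in the order you list them, wraps any value containing a comma in quotation marks, rejects characters keyadmin does not accept in the DN field, checks the key length against the 1024 to 4096 bit range, and assembles the single-line keyadmin invocation without running it. The comma-separated attr=value DN layout, the bin/ location and the sample values are assumptions.

```python
import re
import shlex

# Characters the guide lists as accepted by keyadmin in the DN field.
DN_ALLOWED = re.compile(r"^[A-Za-z0-9 '()+,\-./:=?#]+$")
# Key length limits stated in the guide (bits).
KEY_MIN, KEY_MAX = 1024, 4096


def build_dn(components):
    """Build the DN string from an ordered list of (attribute, value) pairs.

    Order is preserved so it matches the CA's request form. A value that
    contains a comma is wrapped in double quotes, as the guide requires.
    The "attr=value, attr=value" layout is an assumption of this example.
    """
    parts = []
    for attr, value in components:
        if not DN_ALLOWED.match(attr) or not DN_ALLOWED.match(value):
            raise ValueError(f"DN field {attr}={value!r} contains characters "
                             "keyadmin does not accept")
        if "," in value:
            value = f'"{value}"'
        parts.append(f"{attr}={value}")
    return ", ".join(parts)


def keyadmin_command(keydb, components, length=None, verbose=False,
                     bin_dir="bin"):
    """Assemble the 'keyadmin -mkpair' invocation as argv and as one shell line.

    The shell form quotes the DN so the shell does not interpret it (shlex
    uses apostrophes, switching form only if the DN itself contains one) and
    stays on a single line, since the DN may not be split with a backslash.
    Nothing is executed here; the caller decides how to run it.
    """
    if length is not None and not (KEY_MIN <= length <= KEY_MAX):
        raise ValueError(f"key length must be between {KEY_MIN} and {KEY_MAX} bits")
    argv = [f"{bin_dir}/keyadmin", "-keydb", keydb, "-mkpair",
            "-dn", build_dn(components)]
    if length is not None:
        argv += ["-length", str(length)]
    if verbose:
        argv.append("-verbose")
    return argv, " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    # Constructed sample: an organisation name containing a comma.
    sample = [("C", "US"), ("O", "Example, Inc."), ("CN", "www.example.com")]
    print(keyadmin_command("conf/keydb", sample, length=2048, verbose=True)[1])
```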