iTP Secure WebServer System Administrators Guide (Version 7.5+)

specifies that complete information associated with the command string should be
displayed.
The keyadmin utility prompts you to enter the password associated with the key database file.
After you enter the key database file password, the keyadmin utility creates the private/public
key pair, stores them in the key database file, and then binds this key pair to the DN you specified.
Longer keys provide more security, but at the cost of requiring more time to encrypt a particular
object.
Creating a Certificate Request
To create a public key certificate request, use the keyadmin command.
You can enter the arguments in any order. Enter the entire command on a single command line.
If a continuation character is necessary, you must use the backslash (\) character as shown; the
backslash is not permitted to break the DN value across lines.
bin/keyadmin -keydb keydb [-mkreq cert-req-file] \
-dn 'dn' [-life days] [-webmaster webmaster-name] \
[-phone webmaster-phone-num] [-software software] [-verbose]
NOTE: The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
The command arguments have these functions:
-keydb keydb
specifies the name of the key database file that will store the private and public
parts of the new key pair (along with the key's DN).
If the database you specify is nonexistent, the server creates the database for you
and notifies you that the new database was created.
-mkreq cert-req-file
generates a certificate request for the specified DN and writes it to the file specified
in the command. A key pair must already reside in the database. If the specified
file does not exist, the default file is cert-req.txt.
If you omit -mkreq, this command generates both a random key pair and a
certificate request.
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, enclose any value containing a comma
with quotation marks (").
The keyadmin command accepts these characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? # and non-English
character sets
-life days
specifies the length of time, in days, that the certificate will remain valid. The default
is 365 days. The life span requested is inserted into the resulting certificate request.
The CA can adjust this life span when issuing the certificate.
-webmaster webmaster-name
-phone webmaster-phone-num
-software software
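The following POSIX shell script is an added example for this section; it is not part of the iTP Secure WebServer product or its documentation. It applies the rules stated above before a keyadmin certificate request is issued: it checks a DN against the character set listed for the -dn argument, wraps any value that contains a comma in quotation marks, escapes apostrophes so the single-quoted DN survives the shell, and assembles the keyadmin command line. The command is printed rather than executed, and the key database name, request file name and DN values are constructed sample values.

```shell
#!/bin/sh
# Added example; not part of the iTP Secure WebServer manual or product.
# Checks a DN against the accepted character set and assembles the
# keyadmin certificate-request command described in this section.

# Characters the manual lists as accepted in a DN, plus the quotation mark
# it requires around values containing a comma. Assumption of this example:
# only the ASCII subset is modelled; non-English character sets are not.
DN_ALLOWED="A-Za-z0-9 '()+,./:=?#\"-"

# dn_check DN: succeed when every character of DN is in the accepted set.
# Any rejected characters are reported on standard error.
dn_check() {
    bad=$(printf '%s' "$1" | tr -d "$DN_ALLOWED")
    if [ -n "$bad" ]; then
        printf 'rejected characters in DN: %s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# dn_value VALUE: wrap a value in quotation marks when it contains a comma,
# as the manual requires (for example an organization name "Acme, Inc.").
dn_value() {
    case $1 in
        *,*) printf '"%s"' "$1" ;;
        *)   printf '%s' "$1" ;;
    esac
}

# sq_escape TEXT: escape apostrophes so TEXT can sit inside the apostrophes
# that protect the DN from the shell.
sq_escape() {
    printf '%s' "$1" | sed "s/'/'\\\\''/g"
}

# keyadmin_req_cmd KEYDB REQFILE DN DAYS: print the keyadmin command line
# for a certificate request. Nothing is executed here; the caller can review
# the line and run it against the key database.
keyadmin_req_cmd() {
    dn_check "$3" || return 1
    printf "bin/keyadmin -keydb %s -mkreq %s -dn '%s' -life %s\n" \
        "$1" "$2" "$(sq_escape "$3")" "$4"
}

# Constructed sample DN (not from the manual). Field order must match what
# the CA's request form specifies.
dn="C=US, O=$(dn_value 'Acme, Inc.'), OU=Web, CN=www.example.com"
keyadmin_req_cmd keydb cert-req.txt "$dn" 365
```

Running the script prints the assembled command line; a DN containing a character outside the accepted set (a semicolon, for instance) is rejected before any command is printed, which is cheaper than discovering the problem after the CA has processed the request.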
58 Configuring for Secure Transport