iTP Secure WebServer System Administrators Guide (Version 7.5+)
adds any of these plain text fields to the certificate request. The information in these
fields is for your convenience and does not affect the keyadmin command. Be sure
to include single quotes (') or double quotes (") around any entries that contain a
space.
-verbose
specifies that complete information associated with the command string should be
displayed.
The keyadmin utility writes the public key and DN to the file name specified in
-mkreq cert-req-file. The information in this file is encoded in PKCS #10 message
format.
Requesting a Certificate
After creating the certificate request and writing it to a file, follow instructions provided by the CA
(for example, on the web page) to request the certificate.
After processing your request, the CA will e-mail you a file containing your certificate in PKCS #7
format.
Adding a Certificate to the Key Database File
When you receive a certificate from a CA, install it in your server's key database file and remove
any hidden characters it contains (such as line-feed characters). To add a certificate, use the
keyadmin command.
Adding certificates with DNs that are different from the key generation DN
You can add certificates that have DNs that are different from the DN used during key generation.
A typical case where this occurs is when a DN is changed by an issuing CA.
When you add such a certificate for the first time, the iTP Secure WebServer creates a file called
newdn.txt (in the root directory) that contains the new DN. If you add any certificates subsequently
that have DNs that are different from those used during key generation or those added previously
to the key database file, those certificates' DNs are appended to the newdn.txt file. After the
newdn.txt file is created, the "newdn is" message provides the DN that is to be used in all
keyadmin commands that require a DN and for the AcceptSecureTransport directive. For
information about the AcceptSecureTransport directive, see “AcceptSecureTransport”
(page 200).
A sample newdn.txt file is:
DN used at the time of keygeneration is: CN=hima.lab201.tandem.com,
OU=datakomhw, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datakom.at, OU=a-sign Server Light Demo CA,
O=Datakom Austria GmbH, C=AT
Use the new DN for all your commands requiring a DN for this certificate.
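The following added example (not part of this guide or of the product) parses a newdn.txt laid out like the sample above, reports which DN attributes the CA changed, and returns the latest DN quoted for use on a command line. It assumes that wrapped lines continue the preceding DN and that each appended DN repeats the "New DN in the certificate to be added is:" prefix; the function names are hypothetical.

```python
import re
import shlex

# Constructed input: the sample newdn.txt from this page, wrapped the same way.
SAMPLE = """\
DN used at the time of keygeneration is: CN=hima.lab201.tandem.com,
OU=datakomhw, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datakom.at, OU=a-sign Server Light Demo CA,
O=Datakom Austria GmbH, C=AT
Use the new DN for all your commands requiring a DN for this certificate.
"""
KEYGEN = "DN used at the time of keygeneration is:"
NEWDN = "New DN in the certificate to be added is:"
TRAILER = "Use the new DN"

def parse_newdn(text):
    """Return (keygen_dn, [new_dn, ...]), rejoining DNs wrapped over lines."""
    records = []  # [kind, dn_text] in file order
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(KEYGEN):
            records.append(["keygen", line[len(KEYGEN):].strip()])
        elif line.startswith(NEWDN):
            records.append(["new", line[len(NEWDN):].strip()])
        elif not line or line.startswith(TRAILER):
            records.append(["end", ""])  # closes any wrapped DN
        elif records:
            records[-1][1] = (records[-1][1] + " " + line).strip()
    keygen = next((dn for kind, dn in records if kind == "keygen"), None)
    return keygen, [dn for kind, dn in records if kind == "new"]

def rdns(dn):
    """Split a DN on commas; a backslash-escaped comma stays in its value."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def dn_changes(keygen_dn, new_dn):
    """Return (added, removed, cn_unchanged) for a CA-modified DN."""
    old, new = rdns(keygen_dn), rdns(new_dn)
    added = [r for r in new if r not in old]
    removed = [r for r in old if r not in new]
    old_cn = [r for r in old if r.upper().startswith("CN=")]
    new_cn = [r for r in new if r.upper().startswith("CN=")]
    return added, removed, old_cn == new_cn

def quoted_latest_dn(text):
    """Most recently appended DN, quoted because it contains spaces."""
    _, new_dns = parse_newdn(text)
    return shlex.quote(new_dns[-1]) if new_dns else None
```

A cn_unchanged value of False means the certificate names a different host than the key was generated for, which is worth confirming with the CA before installing the certificate.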
You can enter the arguments in any order. Enter the entire command on a single command line.
If a continuation character is necessary, you must use the backslash (\) character as shown.
bin/keyadmin -keydb keydb -addcert cert-recv-file \
[-force] [-root] [-verbose]
NOTE: The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
The command arguments have these functions:
-keydb keydb