iTP Secure WebServer System Administrators Guide (Version 7.5+)
specifies the name of the key database file in which the key pair you created is stored.
-addcert cert-recv-file
specifies the name of the encoded file containing your new certificate as received from your CA.
-force
specifies that a renewal of an older certificate should occur, but that the check for a valid start
date should not be performed.
-root
treats the certificate as a root.
-verbose
specifies that complete information associated with the command string should be displayed.
A sample command is:
bin/keyadmin -keydb conf/mykeys -addcert my-cert.txt
This command ensures that the certificate is valid by checking that the public key it contains matches
the public key associated with the same DN in the database. Then the certificate is inserted in the
database.
Update the KeyDatabase, ServerPassword, and AcceptSecureTransport configuration directives
in the server's configuration file, if you have not done so already, and restart the server.
Responses are delivered in PKCS #7 message format. However, you can add items to the database
in any of these formats:
• A message in PKCS #7 format
• A raw RADIX-64 encoded certificate
“Sample Certificate in RADIX-64 Format” (page 60) shows an example of a certificate in the
RADIX-64 format:
Table 2 Sample Certificate in RADIX-64 Format
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
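An added example, not part of this guide or of the keyadmin utility: a Python pre-check that reports which of the two accepted formats a CA response file is in before it is passed to keyadmin -addcert. It inspects the DER content instead of trusting the armor label; the function names and the sample inputs are constructed for illustration.

```python
import base64
import re

# OID 1.2.840.113549.1.7.2 (PKCS #7 signedData), DER-encoded with tag and length.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 #]+)-----(.*?)-----END \1-----", re.S)

def _read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short-form length
    else:
        n = first & 0x7F                    # long form: n length bytes follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, pos, pos + length

def classify_ca_response(text):
    """Return 'pkcs7' or 'certificate'; raise ValueError for anything else."""
    m = ARMOR.search(text)
    if not m:
        raise ValueError("no RADIX-64 armor found")
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError as exc:               # binascii.Error subclasses ValueError
        raise ValueError("armor body is not valid RADIX-64") from exc
    tag, start, end = _read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a single DER SEQUENCE")
    inner_tag, _, inner_end = _read_tlv(der, start)   # first child of the SEQUENCE
    if der[start:inner_end] == SIGNED_DATA_OID:
        return "pkcs7"          # ContentInfo whose contentType is signedData
    if inner_tag == 0x30:
        return "certificate"    # a certificate starts with the tbsCertificate SEQUENCE
    raise ValueError("neither a PKCS #7 message nor an X.509 certificate")

def _armor(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"
# Constructed DER skeletons (not real certificates), just enough to exercise the check.
SAMPLE_CERT = _armor("CERTIFICATE", bytes.fromhex("300430020500"))
SAMPLE_PKCS7 = _armor("CERTIFICATE", bytes.fromhex("300d06092a864886f70d010702a000"))
```

SAMPLE_PKCS7 deliberately carries a CERTIFICATE label to show that the classification follows the encoded structure, not the BEGIN line.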
Deleting a Certificate
To delete a certificate and key pair from the server's key database file, use the keyadmin command.
You can enter the arguments in any order. Enter the entire command on a single command line.
If a continuation character is necessary, you must use the backslash (\) character as shown; the
backslash is not permitted to break the DN value across lines.
bin/keyadmin -keydb keydb -delete -dn 'dn' [-root] [-verbose]
NOTE: The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
60 Configuring for Secure Transport










