iTP Secure WebServer System Administrators Guide (Version 7.5+)

This command prompts for the password of the key database file in which the key must be stored.
If the key database file is not password protected, the keyadmin command prompts you to create
a password to protect it.
If the corresponding certificate is not found, a new entry is created using the DN provided in the
-dn option of the command. In such instances, the -dn option must be specified and is not treated
as optional. If the -dn option is not set, an error is displayed.
The keyadmin command arguments have the following functions:
-keydb <keydb>
specifies the name of the key database file in which the private key will be stored.
If the key database file mentioned in the command does not exist, the system prompts
you to create it. If you choose to create the database, the system prompts for a
password to protect the key database file.
-importpriv <key-file>
specifies that you want to import the private key from the key-file and store it in a
key database file.
[-dn 'dn']
specifies the DN to be used to identify the newly created entry for the imported key.
This parameter is ignored if the corresponding certificate already exists in the key
database.
[-nocrypt]
directs the iTP Secure WebServer to process the private key as unencrypted. Use
this option when importing a private key in the PEM encoded format. When you
use this option, the following warning appears:
Storing unencrypted private keys in disk files is not recommended.
If the -nocrypt option is not specified, the keyadmin utility processes private keys
as encrypted. After you enter the valid passphrase for the key database, the
keyadmin utility prompts for the private key passphrase. The private key is
encrypted with this passphrase.
The following examples illustrate the import sequence:
./keyadmin -keydb demo.db -importpriv priv.key -dn 'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US'
./keyadmin -keydb test.db -importpriv keyfile -dn "CN=www.example.com"
The keyfile "test.db" does not exist. Do you wish to create it? (y/n) y
Do you wish to add the default certificates to this keyfile? (y/n) n
Database does not currently have a passphrase associated with it.
Enter passphrase:
Re-enter new passphrase:
Enter passphrase for private key:
Are you sure you want to import this private key? (y/n) y
New keypair successfully added
Saving key database "test.db"... Done
NOTE: If you enter a passphrase that is not the same as the one used for encrypting the private
key, the import operation aborts with an error message.
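A pre-import check, added here as an example and not taken from the guide: it reads the key file's PEM header to tell whether the -nocrypt form of the import is needed, and flags a plaintext key that is readable beyond its owner. It assumes the key file is PEM text and relies on the standard PEM markers; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): classify a PEM key file before a
# keyadmin -importpriv run, so that -nocrypt is used only when it is needed.
# Assumption: the key file is PEM text carrying the standard PEM markers.

# Print "encrypted", "unencrypted" or "unknown" for the PEM file in $1.
pem_key_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # PKCS#8 encrypted label, or the legacy Proc-Type header under an RSA/EC/DSA label
    if grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -Eq -e '^-----BEGIN ((RSA|EC|DSA) )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo unknown
    fi
}

# Succeed when group or others hold any permission bit on $1.
perms_too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print one line of advice for the import of $1.
import_advice() {
    case $(pem_key_state "$1") in
        encrypted)   echo "omit -nocrypt; keyadmin will prompt for the private key passphrase" ;;
        unencrypted)
            if perms_too_open "$1"; then
                echo "needs -nocrypt; plaintext key is readable beyond its owner, run chmod 600 first"
            else
                echo "needs -nocrypt; plaintext key, remove the file once the import is saved"
            fi ;;
        *)           echo "no PEM private key found; do not import" ;;
    esac
}

# Constructed sample files (bodies are placeholders, not real key material).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$demo_dir/plain.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$demo_dir/legacy-enc.key"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/pkcs8-enc.key"
chmod 644 "$demo_dir/plain.key"
for f in "$demo_dir"/*.key; do
    printf '%s: %s\n' "${f##*/}" "$(import_advice "$f")"
done
```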
Exporting a Private Key to a User-defined Disk File
You can export a private key from an existing key database to a user-specified disk file.