iTP Secure WebServer System Administrators Guide (Version 7.5+)

Starting with iTP Secure WebServer Release 7.5, you can export private keys in the following
formats:
PEM or DER encoded PKCS#8 format, encrypted with 3DES, AES128, AES192, or AES256
PEM encoded format, unencrypted
NOTE: The private key is exported in PKCS#8 Base64 encoded format in older releases.
To export a private key, use the following command:
bin/keyadmin [-verbose] -keydb <dbfile> -exportpriv <key-file> -dn 'dn'
[ {[-encode <format>] [-crypt <algorithm>]} | [-nocrypt] ]
NOTE: The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
The keyadmin command prompts you for the passphrase of the key database. If you do not specify
the -nocrypt option, the command also prompts you for the passphrase used to encrypt the exported
private key. The passphrase rules are the same as those for the key database passphrase.
If you enter a valid passphrase, the command prompts you to re-enter it for validation.
After validation, the key is encrypted with the passphrase and exported in PKCS#8 format.
You are allowed a maximum of four attempts when either of the following occurs:
The passphrase does not meet the passphrase specifications
The passphrase validation fails
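Once the key file is on disk, it is worth checking that you got what you asked for before copying it anywhere. The following script is an added example and is not part of the iTP Secure WebServer guide or of keyadmin itself; keyadmin is interactive and is not invoked here. It classifies the file that -exportpriv wrote, tells encrypted PKCS#8 output (PEM armour "BEGIN ENCRYPTED PRIVATE KEY", or a DER EncryptedPrivateKeyInfo) apart from the unencrypted PEM that -nocrypt produces, and rejects a file that group or other users can read. The sample files used in the usage call at the bottom are constructed stand-ins with fake base64 bodies, not real keys; the function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the iTP Secure WebServer guide): post-export check for
# the file written by "keyadmin -exportpriv". Needs only POSIX sh, grep, od and
# find, and never decodes the key material.

# Probe the first bytes of a DER file. A PKCS#8 EncryptedPrivateKeyInfo is
# SEQUENCE { SEQUENCE algorithm, OCTET STRING }, so the first inner tag is 0x30;
# an unencrypted PrivateKeyInfo (or a PKCS#1 RSAPrivateKey) begins with the
# INTEGER version field, tag 0x02.
der_kind() {
    f="$1"
    set -- $(od -An -tx1 -N6 "$f")      # unquoted on purpose: one word per byte
    [ "$1" = "30" ] || { echo unknown; return; }
    case "$2" in                         # outer SEQUENCE length, short or long form
        81) inner="$4" ;;
        82) inner="$5" ;;
        83) inner="$6" ;;
        *)  inner="$3" ;;
    esac
    case "$inner" in
        30) echo der-pkcs8-encrypted ;;
        02) echo der-plain ;;
        *)  echo unknown ;;
    esac
}

# Classify a key file by its PEM armour, falling back to the DER probe.
classify_key_file() {
    f="$1"
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo pem-pkcs8-encrypted         # -encode PEM with -crypt (the default)
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo pem-pkcs8-plain             # unencrypted PKCS#8
    elif grep -q '^-----BEGIN [A-Z]* PRIVATE KEY-----' "$f"; then
        # Legacy OpenSSL armour, e.g. "RSA PRIVATE KEY"; encrypted only if it
        # carries a Proc-Type/DEK-Info header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo pem-traditional-encrypted
        else
            echo pem-traditional-plain
        fi
    else
        der_kind "$f"
    fi
}

# Exit status: 0 = encrypted and private to the owner, 1 = unencrypted key
# (what -nocrypt writes), 2 = not a recognised key file, 3 = mode too open.
check_export() {
    f="$1"
    kind=$(classify_key_file "$f")
    case "$kind" in
        pem-pkcs8-encrypted|der-pkcs8-encrypted|pem-traditional-encrypted) ;;
        pem-pkcs8-plain|pem-traditional-plain|der-plain)
            echo "REJECT: $f holds an unencrypted private key ($kind); re-export without -nocrypt" >&2
            return 1 ;;
        *)  echo "REJECT: $f is not a recognised private key file" >&2
            return 2 ;;
    esac
    if [ -n "$(find "$f" \( -perm -004 -o -perm -040 \) -print)" ]; then
        echo "REJECT: $f is readable by group or others; chmod 600 it" >&2
        return 3
    fi
    echo "OK: $f is $kind"
}

# Usage on a constructed sample (fake body, not a real key):
#   umask 077
#   printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'MIIFHDBOBgkq' \
#       '-----END ENCRYPTED PRIVATE KEY-----' > /tmp/www.key
#   check_export /tmp/www.key        # OK: /tmp/www.key is pem-pkcs8-encrypted
```

Run check_export on the file named in -exportpriv immediately after keyadmin returns; a status of 1 means the key left the database unprotected and should be removed and re-exported with -crypt.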
The keyadmin command arguments have the following functions:
-keydb <dbfile>
specifies the name of the key database file in which the private key is stored.
-exportpriv <key-file>
specifies the disk file to which the private key is exported.
-dn 'dn'
specifies the DN associated with the private key to be exported.
-encode <format>
specifies the encoding format for the exported private key. The valid values are PEM and
DER. The default encoding format is PEM.
You can specify this option anywhere after the -exportpriv option in the
command line sequence.
-crypt <algorithm>
specifies the encryption algorithm used to protect the exported PKCS#8 key. The valid
values are AES256, AES192, AES128, and 3DES. The default encryption algorithm
is AES256.
You can specify this option anywhere after the -exportpriv option in the
command line sequence.
-nocrypt
specifies that the private key is exported without encryption, in PEM encoded
format. This option cannot be combined with -encode or -crypt.
You can specify this option anywhere after the -exportpriv option in the
command line sequence.
When this option is used, the following warning appears: