iTP Secure WebServer System Administrators Guide (Version 7.5+)
Starting with iTP Secure WebServer Release 7.5, you can export the private keys in the following
formats:
• PEM or DER encoded PKCS#8 format encrypted using either the 3DES, AES128, AES192, or
AES256 algorithms
• PEM encoded format
To migrate the iTP Secure WebServer database, complete the following steps:
NOTE: Before migrating your iTP Secure WebServer 7.0 key database to iTP Secure WebServer
7.2 and later versions, store a copy of the key database in case you want to fall back to iTP Secure
WebServer 7.0.
1. Using the following dbmigrate utility commands, export the private keys from the old key
database:
bin/dbmigrate -keydb <key-file> -exportpriv <key-file> -dn 'dn'
[ {[-encode <format>] [-crypt <algorithm>]} | [-nocrypt] ]
where,
keydb
is the name of the key database file in which the private key is stored.
key-file
is the name of the key database file in which the private key is stored.
dn
is the associated DN of the private key to be exported.
-encode <format>
specifies the encoding format for the private key. The valid format values are PEM
or DER. The default encoding format is PEM.
You can specify this option anywhere after the -exportpriv option in the
command line sequence.
-crypt <algorithm>
specifies the encryption format for storing the PKCS#8 encrypted keys. The valid
values are AES256, AES192, AES128, or 3DES. The default encryption algorithm
is AES256.
You can specify this option anywhere after the -exportpriv option in the command
line sequence.
-nocrypt
specifies that the private key must be exported without encryption in PEM encoded
format.
You can specify this option anywhere after the -exportpriv option in the command
line sequence.
When this option is used, the following warning appears:
Storing unencrypted private keys in disk files is not
recommended.
Do not use -nocrypt with the -crypt or -encode options.
If you do not specify the -nocrypt option, you must provide the passphrase for
encrypting the key before it is exported to a disk file. The following example illustrates
this export sequence:
./dbmigrate -keydb olddb -exportpriv keyfile -dn "CN=www.example.com"
Enter passphrase:
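A post-export check that a key file written by the export step above is actually encrypted, as an added example that is not part of the guide or of the dbmigrate utility. It assumes dbmigrate writes the standard PEM labels and PKCS#8 DER structures; the function names and sample bytes are constructed for illustration, and the DER test is only meaningful for files known to be private key exports.

```python
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def first_inner_tag(der: bytes):
    """Return the tag of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        return None
    n = der[1]
    offset = 2 if n < 0x80 else 2 + (n & 0x7F)  # short or long length form
    return der[offset] if offset < len(der) else None

def classify_key_export(data: bytes) -> str:
    """Classify an exported key file: 'encrypted', 'unencrypted' or 'unknown'."""
    m = PEM_RE.search(data.decode("latin-1"))
    if m:
        label, body = m.group(1), m.group(2)
        if label == "ENCRYPTED PRIVATE KEY":       # PKCS#8 EncryptedPrivateKeyInfo
            return "encrypted"
        if label.endswith("PRIVATE KEY"):
            # Traditional PEM keys mark encryption with a Proc-Type header.
            return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"
        return "unknown"
    tag = first_inner_tag(data)
    if tag == 0x30:   # EncryptedPrivateKeyInfo begins with an AlgorithmIdentifier
        return "encrypted"
    if tag == 0x02:   # PrivateKeyInfo begins with an INTEGER version
        return "unencrypted"
    return "unknown"

# Constructed samples (not real keys): only the outer structure is present.
SAMPLES = {
    "pem_pkcs8_encrypted": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                           b"-----END ENCRYPTED PRIVATE KEY-----\n",
    "pem_nocrypt": b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n",
    "der_pkcs8_encrypted": bytes.fromhex("3009300306012a04020000"),
    "der_unencrypted": bytes.fromhex("300c020100300306012a04020000"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify_key_export(blob)}")
```

Run it over the exported file's bytes and treat anything other than 'encrypted' as a key that must not remain on disk.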