iTP Secure WebServer System Administrators Guide (Version 7.5+)

Enter passphrase for private key:
Re-enter passphrase for private key:
Are you sure you want to export this entry? (y/n) y
The keyfile "keyfile" does not exist. Do you wish to create it? (y/n) y
Private key is successfully exported to file.."keyfile"
The dbmigrate command prompts you for the passphrase of the key database. If you do
not specify the nocrypt option, the command then prompts you for a passphrase to encrypt
the private key. The requirements for this passphrase are the same as those for the key database passphrase.
If you enter a valid passphrase, the command prompts you to re-enter it for
validation. After passphrase validation, the key is encrypted with the passphrase and exported
in PKCS#8 format. A maximum of four attempts is allowed to enter the passphrase in the
following cases:
- The passphrase specifications are not met
- The passphrase validation fails
If the key-file does not exist, you will be prompted to create the file. If the key-file
already exists, it is overwritten.
If the specified DN does not exist in the key database file, an error message is displayed.
For example,
./dbmigrate -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED,C=US'
2. Using the following dbmigrate command, export the certificates from the old key
database:
bin/dbmigrate -keydb <keydb> -exportcert <key-file> -dn 'dn'
where,
<keydb>
is the name of the key database file in which the private key is stored.
<key-file>
is the name of the disk file to which you want to export the certificate.
dn
is the associated DN of the private key to be exported.
The keyadmin command prompts you for the passphrase of the key database mentioned in
the keyadmin command.
If the key-file does not exist, you will be prompted to create the file. If the key-file already
exists, it will be overwritten.
If the specified DN does not exist in the key database file, an error message is displayed.
The following examples illustrate the use of the dbmigrate command:
./dbmigrate -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US' \
encode PEM crypt 3DES
./dbmigrate -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US' \
encode DER crypt AES256
./dbmigrate -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US'
./dbmigrate -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US' -nocrypt
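An exported key file can be checked before it is copied or stored, to confirm that it is passphrase-encrypted PKCS#8 (not the result of a nocrypt export) and is not readable by other users. The following Python is an added example, not part of this guide or of the dbmigrate tool. It assumes standard PKCS#8 encoding (RFC 5208 structures, RFC 7468 PEM labels); the function names and sample bytes are constructed for illustration.

```python
import os
import re
import stat

# Constructed samples: only the leading DER bytes of each structure, not real keys.
SAMPLE_ENCRYPTED_DER = bytes.fromhex("3082050e304006092a864886f70d01050d")
SAMPLE_PLAIN_DER = bytes.fromhex("308204be020100300d06092a864886f70d0101010500")

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
PEM_KINDS = {b"ENCRYPTED PRIVATE KEY": "encrypted", b"PRIVATE KEY": "unencrypted"}


def first_child_tag(der):
    """Return the tag byte of the first element inside the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Short form uses one length byte; long form is 0x80|n followed by n bytes.
    offset = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if offset >= len(der):
        raise ValueError("truncated DER")
    return der[offset]


def classify_pkcs8(data):
    """Return 'encrypted', 'unencrypted' or 'unknown' for exported key bytes."""
    match = PEM_LABEL.search(data)
    if match:
        # RFC 7468 labels; legacy labels such as "RSA PRIVATE KEY" are not PKCS#8.
        return PEM_KINDS.get(match.group(1), "unknown")
    try:
        tag = first_child_tag(data)
    except ValueError:
        return "unknown"
    # EncryptedPrivateKeyInfo starts with an AlgorithmIdentifier SEQUENCE (0x30);
    # PrivateKeyInfo starts with the version INTEGER (0x02).
    return {0x30: "encrypted", 0x02: "unencrypted"}.get(tag, "unknown")


def audit_exported_key(path):
    """Return a list of findings for a key file written by an export step."""
    findings = []
    with open(path, "rb") as fh:
        kind = classify_pkcs8(fh.read())
    if kind != "encrypted":
        findings.append("key is %s, expected encrypted PKCS#8" % kind)
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file is accessible to group or others")
    return findings
```

An empty list from audit_exported_key means the file is encrypted PKCS#8 and restricted to its owner; the check does not test the strength of the passphrase or of the cipher.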
3. After exporting the certificates and the private keys from the old key database, perform the
following steps to create the new key database: