iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator's Guide, 522659-001
Generating the Public/Private Key Pair and Obtaining the Certificate
You may enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, use the backslash (\)
character as shown; do not use a backslash to break the DN value across lines.
bin/keyadmin -websafegen [key-req-file] \
-widconf wid-config-file -dn 'dn' -kek_mfk0 kek-cryptogram \
[-kek_clear kek-value] [-length key-length] [-verbose]
The command components are described below:
-websafegen [key-req-file]
instructs the server to generate a public/private key pair and a PKCS #10 certificate
request and to write the certificate request to the file specified in the command. If
the file name is omitted, the default file name is cert-req.txt.
-widconf wid-config-file
specifies the WID configuration file for hardware encryption. By default, this file is
named wid.config.
-dn 'dn'
specifies the full Distinguished Name (DN) for the new key pair. Enclose this in
single quotation marks (') to protect it from being interpreted by the shell.
You must include the same field values entered on the CA request form in the exact
order that the CA specifies. You also must enclose any value containing a comma
with double quotation marks (").
The keyadmin command accepts the following characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
-kek_mfk0 kek-cryptogram
specifies the encrypted KEK under MFK variant 0.
-kek_clear kek-value
specifies the clear KEK value. If kek-value is not supplied on the command line,
keyadmin prompts you to enter it. The keyadmin utility computes the check digits of
the KEK and asks you to verify that they are correct. The size of the KEK is 16 bytes
(32 hex digits).
-length key-length
specifies the length of the key in bits. This option allows you to control the size of
the encryption key. The default and minimum key size is 512 bits. The maximum key
size is 1024 bits, or 512 bits for the exportable version of the iTP Secure
WebServer.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility.
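
The constraints described above (DN character set, 32-hex-digit KEK, key-length bounds) can be checked before keyadmin is run. The following shell sketch is an added example, not part of the original guide or the product; the function names, the KEYADMIN variable, and treating the double quotation mark as an allowed DN delimiter are assumptions. It omits -kek_clear so that keyadmin prompts for the clear KEK instead of receiving it on the command line, where it would be visible in shell history and process listings.

```shell
#!/bin/sh
# Added example: pre-flight checks for "keyadmin -websafegen" arguments.
# KEYADMIN and all function names are assumptions of this sketch.
KEYADMIN=${KEYADMIN:-bin/keyadmin}

# DN: only the characters the guide lists, plus the double quotation mark the
# guide requires around comma-containing values (assumed valid as a delimiter).
valid_dn() {
    [ -n "$1" ] || return 1
    # Delete every allowed character; the trailing "x" sentinel stops
    # command substitution from hiding a stray trailing newline.
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d "A-Za-z0-9 '()+,./:=?#\"-"; printf x)
    [ "$rest" = x ]
}

# Clear KEK: 16 bytes, that is, exactly 32 hex digits.
valid_kek_hex() {
    case $1 in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 32 ]
}

# Key length in bits: minimum 512; maximum 1024, or 512 for the exportable
# version (pass 512 as the second argument in that case).
valid_key_length() {
    max=${2:-1024}
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 512 ] && [ "$1" -le "$max" ]
}

# Validate, then invoke keyadmin WITHOUT -kek_clear so that it prompts for
# the clear KEK.
# usage: websafegen REQ_FILE WID_CONFIG DN KEK_CRYPTOGRAM [LENGTH]
websafegen() {
    valid_dn "$3" || { echo "DN has characters outside the documented set" >&2; return 2; }
    [ -n "$4" ] || { echo "missing -kek_mfk0 cryptogram" >&2; return 2; }
    valid_key_length "${5:-512}" || { echo "key length out of range" >&2; return 2; }
    "$KEYADMIN" -websafegen "$1" -widconf "$2" -dn "$3" \
        -kek_mfk0 "$4" -length "${5:-512}"
}
```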