iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

111

112

113

114

115

116

117

118

119

120

Integrating the WebSafe2 Internet Security

Processor (WISP)

iTP Secure WebServer System Administrator’s Guide—522659-001

5-12

Generating the Public/Private Key Pair and

Obtaining the Certificate

-verbose

specifies that complete information associated with the command string should be

displayed.

Example

When you enter the keyadmin command and press Return, you are prompted for the

clear KEK key. Your response is not echoed. The following example dialog shows

correct keyadmin syntax and the prompts keyadmin displays.

The value of -kek_mfk0 consists of the left and right portions of the encrypted KEK.

Compare the KEK with the Example

on page 5-10. The keyadmin command does not

echo the clear KEK key that you type, but in this example, the value consistent with the

same example would be F445DF43798097A1A42043A70B4F8A61. If the check

digits don’t match the value on the SCT display, run the command again, taking care to

enter the clear text and cryptogram correctly.

bin/keyadmin -verbose -websafegen \

test-cert.req -widconf wid.config \

-dn 'CN =testing,OU=web,O="Tandem Computers, Inc.", \

L=Cupertino,ST=California,C=US' \

-kek_clear F445DF43798097A1A42043A70B4F8A61 \

-kek_mfk0 20F6479470CC73F20325C6824FF0D6E2 -length 512

Check digits of clear KEK: xxxx

Is it correct (y or n)?: y

After the keyadmin utility finishes running the command, it generates a file named

cert-req.txt in the directory where the command was run. This file contains the public

key and DN encoded in PKCS #10 format.

Step 3. Requesting a Certificate From a Certificate Authority (CA)

To request a certificate, e-mail the file cert-req.txt to a CA. For more information about

this process, see Requesting a Certificate on page 4-10.

Step 4. Obtaining a KEK Pair Using Variant 31

You obtain a KEK pair using variant 31 by performing the following steps:

a. Select Encryption Key MFK1.

b. Define Key Under MFK1.

c. Select 1 for a single length (8-byte) key.

d. Enter 1 as the number of key parts.

e. Select the MFK.

f. Enter input variant 310.

g. Create and record the left portion of the clear text. You can enter your own clear

KEK or have the SCT generate one for you.