iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator's Guide 522659-001
Generating the Public/Private Key Pair and Obtaining the Certificate
The command components are described below:
-websafeadd cert-recv-file
specifies the name of the encoded file containing your new certificate as received
from your CA.
-widconf config-file
specifies the WID configuration file for hardware encryption. By default, this file is
named wid.config.
-kek_mfk31 kek-cryptogram
specifies the encrypted KEK under MFK variant 31.
-kek_clear kek-value
specifies the clear KEK value. If kek-value is not supplied on the command line,
keyadmin prompts you to enter it. Keyadmin computes the check digits of the
KEK and asks you to verify that the KEK is correct. The size of the KEK is 16 bytes
(32 hex digits).
-verbose
specifies that complete information associated with the command string should be
displayed.
Example
The following sample command shows the keyadmin syntax and the prompts that
keyadmin displays:
bin/keyadmin -verbose -websafeadd \
test-cert.resp -widconf wid.config \
-kek_mfk31 DCA519DB8A3EF822 -kek_clear 6BE0106B619EB3DF
Note. The cryptogram you enter as -kek_mfk31 and the clear text you enter when the
command prompts you for the clear KEK must have been generated using the SCT
Calculate Crypto function, using the MFK, as described in "Step 4. Obtaining a KEK Pair Using
Variant 31." If you enter clear text and cryptograms generated in some other way, the certificate
you install will not be usable and the iTP Secure WebServer cannot communicate with the
WISP.
Take care in entering both the cryptogram and the clear text. The keyadmin utility can detect a
mismatch (or reversal of the cryptogram and clear text) only if the error results in incorrect
check digits for the clear text.