iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
4-7
Using the Keyadmin Utility to Manage Keys and
Certificates
You can continue using other server IDs along with your Global Server ID in order to
provide services to browsers and other clients that do not support Global Server IDs.
Using the Keyadmin Utility to Manage Keys and Certificates
The keyadmin utility is used to generate key pairs and to manage certificates in the
server key database file. This section describes how to use the keyadmin utility and
covers these topics:
•
Generating a New Key Pair (See page 4-7)
•
Creating a Certificate Request (See page 4-9)
•
Requesting a Certificate (See page 4-10)
•
Adding a Certificate to the Key Database File (See page 4-11)
•
Deleting a Certificate (See page 4-13)
•
Renewing a Certificate (See page 4-14)
•
Disabling or Enabling a Certificate (See page 4-14)
•
Changing the Key Database File Password (See page 4-15)
•
Creating a List of Key Database File Contents (See page 4-16)
•
Updating the Default Root Certificates (See page 4-18)
•
Exporting a Database Entry (See page 4-22).
•
Displaying Keyadmin Utility Information (See page 4-23)
The keyadmin utility is located in the bin directory in the server install directory.
Generating a New Key Pair
Before you generate a key pair, you need the following items:
•
The certificate-request form from the chosen CA.
You can access this form from the CA’s home page on the Web. For a list of
supported CAs, see the web page at the following URL (specify that you need an
SSL server certificate):
http://www.verisign.org
•
The DN you have decided to use to identify your server.
•
The password associated with the server’s key database file. If you plan to use an
existing key database file, you must know the password associated with it. If you
plan to create a new key database file, you must choose a password.
For information about the server key database file and the password used to encrypt it,
see KeyDatabase
on page A-24 and ServerPassword on page A-66.