iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Using the Keyadmin Utility to Manage Keys and Certificates
To generate a new key pair, use the keyadmin command shown below. If you are
going to use this certificate with the WebSafe2 unit, the keyadmin commands you use
are somewhat different. For information about generating a key pair for use with a
WebSafe2 unit, see Step 2. Generating a Public/Private Key Pair and a Certificate
Request on page 5-10.
You may enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown; do not use the backslash to break the DN value across lines.
bin/keyadmin -keydb keydb [ -mkpair ] -dn 'dn' \
[-length key-length] [-verbose]
The command’s arguments have the following functions:
-keydb keydb
specifies the name of the key database file that will store the private and public parts
of the new key pair (along with the key’s DN).
If the database you specify is nonexistent, the server creates the database for you and
notifies you that the new database was created.
-mkpair
instructs the server to generate a random key pair that has a default length of 512
bits. When you issue this command, you are prompted to type random keystrokes.
The timing of your keystrokes is used to produce a random numeric code.
Note that if you omit -mkpair, this command generates both a random key pair
and a certificate request.
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, be sure to enclose any value containing a
comma with quotation marks (").
The keyadmin command accepts the following characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
-length key-length
specifies the length of the key in bits. This option allows you to control the size of
the encryption key. The default key size is 512 bits. The minimum key size is 512
bits. The maximum key size is 1024 bits, except for the exportable version of the
iTP Secure WebServer, for which it is 512 bits.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
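The following shell sketch is an added example, not part of the original guide or the keyadmin utility: it checks a DN against the character list above and a key length against the 512 to 1024 bit range before printing the single-line command. The function names, the sample DN and key database name are constructed, and acceptance of the double quote inside the DN is an assumption based on the quoting rule for values that contain a comma.

```shell
#!/bin/sh
# Pre-flight checks for keyadmin arguments (added example, not from the guide).

# Characters the guide lists for the DN field, plus the double quote it
# requires around comma-containing values (assumed accepted). The trailing
# "-" is a literal hyphen for tr.
DN_ALLOWED="A-Za-z0-9 '()+,./:=?#\"-"

# dn_ok DN: succeed if DN is non-empty, uses only allowed characters and
# has balanced double quotes.
dn_ok() {
    [ -n "$1" ] || return 1
    # Bytes left after deleting every allowed character must be zero.
    stray=$(printf '%s' "$1" | LC_ALL=C tr -d "$DN_ALLOWED" | wc -c)
    [ "$((stray))" -eq 0 ] || return 1
    # An odd number of double quotes means a value was left unterminated.
    quotes=$(printf '%s' "$1" | LC_ALL=C tr -cd '"' | wc -c)
    [ "$((quotes % 2))" -eq 0 ]
}

# length_ok BITS [MAX]: succeed if BITS is a decimal integer in 512..MAX.
# MAX defaults to 1024; pass 512 for the exportable version.
length_ok() {
    case $1 in
        ''|*[!0-9]*|?????*) return 1 ;;
    esac
    [ "$1" -ge 512 ] && [ "$1" -le "${2:-1024}" ]
}

# keyadmin_cmd KEYDB DN [BITS] [MAX]: print the one-line command, or fail.
# An apostrophe inside the DN is rewritten as '\'' so the shell still sees
# one apostrophe-quoted argument.
keyadmin_cmd() {
    dn_ok "$2" || { echo "DN rejected" >&2; return 1; }
    length_ok "${3:-512}" "${4:-1024}" || { echo "length rejected" >&2; return 1; }
    quoted=$(printf '%s' "$2" | sed "s/'/'\\\\''/g")
    printf "bin/keyadmin -keydb %s -mkpair -dn '%s' -length %s\n" \
        "$1" "$quoted" "${3:-512}"
}

# Constructed sample values, not taken from the guide.
keyadmin_cmd test.keydb 'CN=www.example.com, O="Example, Inc.", C=US' 1024
keyadmin_cmd test.keydb 'CN=www.example.com; C=US' 1024 || true
```

The checks cover only the rules stated in this section; field order and field values must still match what the CA specifies.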