iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Using the Keyadmin Utility to Manage Keys and Certificates
-verbose
specifies that complete information associated with the command string should be
displayed.
The keyadmin utility prompts you to enter the password associated with the key
database file. After you enter the key database file password, the keyadmin utility
creates the private and public parts of a new key pair, stores them in the key database
file, then binds this key pair to the DN you specified.
Longer keys provide more security, but at the cost of requiring more time to encrypt a
particular object. The default key length (512 bits) should be sufficient for all browsers
that support SSL or PCT.
Creating a Certificate Request
To create a public key certificate request, use the keyadmin command shown below.
You may enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown; do not use the backslash to break the DN value across lines.
bin/keyadmin -keydb keydb [-mkreq cert-req-file] \
    -dn 'dn' [-life days] [-webmaster webmaster-name] \
    [-phone webmaster-phone-num] [-software software] [-verbose]
The command’s arguments have the following functions:
-keydb keydb
specifies the name of the key database file that will store the private and public parts
of the new key pair (along with the key’s DN).
If the database you specify is nonexistent, the server creates the database for you and
notifies you that the new database was created.
-mkreq cert-req-file
generates a certificate request for the specified DN and writes it to the file specified
in the command. A key pair must already reside in the database. If the specified file
does not exist, the default file is cert-req.txt.
Note that if you omit -mkreq, this command generates both a random key pair and
a certificate request.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.