iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Using the Keyadmin Utility to Manage Keys and Certificates
The command’s arguments have the following functions:
-keydb keydb
    specifies the name of the key database file in which the key pair you created is stored.
-delete
    specifies that a certificate and key pair should be deleted from the server’s key database file.
-dn 'dn'
    specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to protect it from being interpreted by the shell.
    Make sure to include the same field values entered on the CA request form and in the exact order that the CA specifies. Also, enclose any value containing a comma with quotation marks (").
    The keyadmin command accepts the following characters in the DN field:
    A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
-verbose
    specifies that complete information associated with the command string should be displayed.
Renewing a Certificate
When requesting a renewal certificate for the iTP Secure WebServer, you must generate
a new key pair, specifying the name of a new key database file in which to store it, then
follow the instructions provided by your CA (for example, on their web page) to e-mail
the resulting certificate request (in the file designated by -mkreq or in cert-req.txt) to
them for processing.
Disabling or Enabling a Certificate
To disable a certificate or enable a previously disabled certificate in the key database
file, use the following keyadmin command.
You may enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, use the backslash (\)
character as shown; do not use a backslash to break the DN value across lines.
bin/keyadmin -keydb keydb {-disable | -enable} \
-dn 'dn' [-root] [-verbose]
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
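The following pre-flight check is an added example, not part of the guide or of the keyadmin utility: it tests a DN against the accepted character set listed for -dn and prints the single-line -disable/-enable command for review without running it. The helper names check_dn and toggle_cmd, the key database name keys.db and the sample DN are constructed for illustration, and the quotation mark is assumed to be accepted because the guide uses it around values that contain a comma.

```sh
#!/bin/sh
# Added example, not from the guide: validate a DN before passing it to
# keyadmin -dn, then print the one-line -disable/-enable command.

# Documented DN character set plus the quotation mark. Assumption: '"' is
# accepted, because the guide puts it around values that contain a comma.
DN_ALLOWED="A-Za-z0-9 '()+,./:=?#\"-"

# check_dn DN (hypothetical helper): return 0 if DN is non-empty, uses only
# allowed characters and has balanced quotation marks; else return 1.
check_dn() {
    dn=$1
    if [ -z "$dn" ]; then
        echo "DN is empty" >&2; return 1
    fi
    # Count bytes left after deleting every allowed character. Newline and
    # backslash are outside the set, so a DN split across lines is rejected.
    bad=$(printf '%s' "$dn" | LC_ALL=C tr -d "$DN_ALLOWED" | wc -c)
    if [ "$((bad))" -ne 0 ]; then
        echo "DN has $((bad)) byte(s) outside the accepted set" >&2; return 1
    fi
    quotes=$(printf '%s' "$dn" | tr -cd '"' | wc -c)
    if [ "$((quotes % 2))" -ne 0 ]; then
        echo "DN has an unbalanced quotation mark" >&2; return 1
    fi
    return 0
}

# toggle_cmd KEYDB ACTION DN (hypothetical helper): print the keyadmin
# command for ACTION (-disable or -enable) with the DN quoted for the shell.
toggle_cmd() {
    keydb=$1 action=$2 dn=$3
    case $action in
        -disable|-enable) ;;
        *) echo "action must be -disable or -enable" >&2; return 1 ;;
    esac
    check_dn "$dn" || return 1
    # An apostrophe is a legal DN character but would end the '...' string,
    # so each one is written as '\'' inside the quoted argument.
    quoted=$(printf '%s' "$dn" | sed "s/'/'\\\\''/g")
    printf "bin/keyadmin -keydb %s %s -dn '%s'\n" "$keydb" "$action" "$quoted"
}

# Constructed sample DN; keys.db is a placeholder key database name.
toggle_cmd keys.db -disable 'CN=www.example.com, O="Example, Inc.", C=US'
```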