iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Using the Keyadmin Utility to Manage Keys and Certificates
If you specify keyadmin -list for a nonexistent key database file, the command
will list only the built-in roots that ship with the utility.
Updating the Default Root Certificates
The iTP Secure WebServer supports a set of default root certificates for domestic use
(United States and Canada). If a request arrives and client authentication is required, the
iTP Secure WebServer checks the certificate to see whether it matches any of the default
root certificates; if the certificate matches, the request is accepted, and if not, the request
is rejected. To restrict the set of accepted certificates, or to define the certificates used
outside the United States and Canada, you specify the corresponding DNs in
AcceptSecureTransport directives in your configuration file.
The default root certificates for the current release of the iTP Secure WebServer are
shown in Example 4-2:
Example 4-2. Example Default Root Certificate (page 1 of 4)
-----------------------------------
Distinguished Name
OU: Class 4 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
-----------------------------------
Distinguished Name
OU: Class 3 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
-----------------------------------
Distinguished Name
OU: Class 2 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
-----------------------------------
Distinguished Name
OU: Class 1 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
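
The following Python script is an added example, not part of the original guide or of the keyadmin utility: it parses text in the layout of Example 4-2 and reports the enabled roots that are not on an approved list, as a review step before restricting DNs with AcceptSecureTransport. The function names and the approved-list policy are assumptions, and the sample text is constructed from two entries shown above.

```python
import re

# Constructed sample: two entries copied from Example 4-2 on this page.
SAMPLE = """\
-----------------------------------
Distinguished Name
OU: Class 3 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
-----------------------------------
Distinguished Name
OU: Class 1 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
"""

def parse_listing(text):
    """Split the listing on its dashed rules and return one dict per entry."""
    entries = []
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        dn, attrs = [], {}
        for line in block.splitlines():
            key, sep, value = (s.strip() for s in line.partition(":"))
            if not sep:
                continue  # blank line or the "Distinguished Name" label
            # Fields before "State" are DN components; the rest are attributes.
            if key == "State" or attrs:
                attrs[key] = value
            else:
                dn.append((key, value))
        if dn:
            entries.append({"dn": tuple(dn), **attrs})
    return entries

def unapproved_roots(entries, approved):
    """Return DNs of enabled roots missing from the approved set (assumed policy)."""
    return [e["dn"] for e in entries
            if e.get("State") == "Root Enabled" and e["dn"] not in approved]

if __name__ == "__main__":
    print(unapproved_roots(parse_listing(SAMPLE), approved=set()))
```

With an empty approved set, the script lists every enabled root, which gives the full set of issuers the server would accept by default for client authentication.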










