iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 522659-001
If you specify -nooverwrite, keyadmin generates a message to indicate that the
entry was not overwritten.
Displaying Keyadmin Utility Information
You can display information about keyadmin by issuing the following keyadmin
command:
bin/keyadmin -version [-verbose]
This command displays the following information about the keyadmin utility that you
are running:
- Utility name (keyadmin)
- Version number of the utility
- The operating system platform on which the utility was built
Using Server Certificate Chains With the iTP Secure WebServer
The iTP Secure WebServer’s SSL 3.0 protocol allows you to send and receive certificate
chains. With the certificate chain option, you can establish a certificate hierarchy that is
more than two certificates deep. Server certificate chain support allows iTP Secure
WebServers to use VeriSign Global Server IDs, which are certificate chains.
For information about Global Server IDs, see Support for International 128-Bit SSL
Sessions Using VeriSign’s Global Server ID on page 4-5. For more information about
certificates and certificate chains, see Using Certificates on page D-6.
No configuration changes to the iTP Secure WebServer are required for this feature.
However, because certificate chain transmission between clients and servers requires
SSL 3.0 support, ensure that you are using the latest version of the iTP Secure
WebServer.
You can use certificate chains with the WebSafe2 unit for increased security. If you plan
to do this, see How to Use Server Certificate Chains With WebSafe2 Encryption on
page 5-16 for specific configuration details.
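The following added example (not part of this guide, and not using keyadmin) builds a throwaway hierarchy three certificates deep and shows why the server must transmit the intermediate along with the leaf: a client that trusts only the root cannot verify the leaf alone. It assumes the OpenSSL command-line tool is installed; every name and file path in it is constructed.

```shell
#!/bin/sh
# Added example: root -> intermediate -> leaf, built with OpenSSL.
# All subject names and file names are constructed for illustration.

build_chain() {                      # $1 = empty working directory
  d=$1
  # Minimal config so `openssl req` does not depend on a system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  # Extensions that mark a certificate as a CA (root and intermediate).
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  for n in root int leaf; do         # one key pair and CSR per level
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
      -subj "/CN=example-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root: self-signed. Intermediate: signed by root. Leaf: signed by intermediate.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
  # What a server would transmit: leaf first, then the intermediate.
  cat "$d/leaf.pem" "$d/int.pem" > "$d/chain.pem"
}

# Prints OK or FAIL. The client trusts only the root; $2 selects whether the
# intermediate from the transmitted chain is available to it.
verify_leaf() {                      # $1 = directory, $2 = with-chain | leaf-only
  if [ "$2" = with-chain ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi && echo OK || echo FAIL
}

# Demo run in a temporary directory.
work=$(mktemp -d) && build_chain "$work" &&
  echo "leaf only:  $(verify_leaf "$work" leaf-only)" &&
  echo "with chain: $(verify_leaf "$work" with-chain)"
rm -rf "$work"
```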
To create a server certificate chain, follow these steps:
1. Obtain leaf and intermediate certificates from the appropriate CA. If the certificates
are to be used to support a Global Server ID, obtain the certificates from VeriSign at
the following web site:
http://www.verisign.com
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.