iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—523346-002
Generating the Public/Private Key Pair and Obtaining the Certificate
Step 2. Generating a Public/Private Key Pair and a Certificate Request
When used with WebSafe2 encryption, the iTP Secure WebServer can use only a
public/private key pair generated by the WISP. Use the keyadmin utility to have
the WISP generate a public/private key pair and a certificate request
containing the public key. The syntax with the required arguments is shown in the
following example. You may enter the arguments in any order. Enter the entire
command on a single command line. If a continuation character is necessary, you
must use the backslash (\) character as shown; the backslash is not permitted to
break the DN value across lines.
bin/keyadmin -websafegen [key-req-file] \
-widconf wid-config-file -dn 'dn' -kek_mfk0 kek-cryptogram \
[-kek_clear kek-value] [-length key-length] [-verbose]
The command components are described below:
-websafegen [key-req-file]
instructs the server to generate a public/private key pair and a PKCS #10
certificate request and to write the certificate request to the file specified in the
command. If the file name is omitted, the default file name is cert-req.txt.
-widconf wid-config-file
specifies the WID configuration file for hardware encryption. By default, this file is
named wid.config.
-dn 'dn'
specifies the full Distinguished Name (DN) for the new key pair. Enclose this in
single quotation marks (') to protect it from being interpreted by the shell.
You must include the same field values entered on the CA request form in the
exact order that the CA specifies. You also must enclose any value containing a
comma with double quotation marks (").
The keyadmin command accepts the following characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
-kek_mfk0 kek-cryptogram
specifies the encrypted KEK under MFK variant 0.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility.
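The DN rules above (the accepted character set, and double quotation marks around any value containing a comma) can be checked before keyadmin is run. The following shell function is an added example, not part of this guide or of the keyadmin utility; it assumes that DN components are comma-separated attribute=value pairs and that the double quotation mark is accepted as the delimiter for values containing commas.

```shell
# Added example: pre-flight check of a DN before it is passed to keyadmin -dn.
# Assumptions (not from the guide): components are comma-separated attr=value
# pairs, and the double quote is accepted as the delimiter for comma values.
check_dn() {
    dn=$1
    # Rule 1: delete every accepted character; any leftover byte is rejected.
    # Counting bytes (not capturing text) also catches an embedded newline.
    left=$(printf '%s' "$dn" | LC_ALL=C tr -d "A-Za-z0-9 '()+,./:=?#\"-" | wc -c)
    if [ "$((left))" -ne 0 ]; then
        echo "reject: character outside the accepted set" >&2
        return 1
    fi
    # Rule 2: split on commas outside double quotes; each piece must hold an
    # equals sign. An unquoted comma inside a value leaves a piece without one,
    # and an odd number of double quotes leaves the scanner inside a value.
    printf '%s\n' "$dn" | awk '
        {
            inq = 0; piece = ""; bad = 0
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                if (c == "\"") inq = !inq
                if (c == "," && !inq) {
                    if (piece !~ /=/) bad = 1
                    piece = ""
                } else piece = piece c
            }
            if (inq || piece !~ /=/) bad = 1
        }
        END { exit bad }' || {
        echo "reject: unbalanced quotes or unquoted comma in a value" >&2
        return 1
    }
    return 0
}

# Usage sketch (placeholder KEK cryptogram; file names are the guide's defaults):
#   check_dn "$DN" && bin/keyadmin -websafegen cert-req.txt \
#       -widconf wid.config -dn "$DN" -kek_mfk0 KEK_CRYPTOGRAM_PLACEHOLDER
```

The check does not verify the field order required by the CA; that still has to be compared against the CA request form.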










