iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Integrating the WebSafe2 Internet Security
Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—523346-002
5-14
Generating the Public/Private Key Pair and
Obtaining the Certificate
the newdn.txt file. After the newdn.txt file is created, a message will be displayed
showing the current DN that is to be used in all keyadmin commands. This current DN
is the one to be used in the AcceptSecureTransport directive. For information
about the AcceptSecureTransport directive, see AcceptSecureTransport on
page A-5.
A sample newdn.txt file is shown below:
bin/keyadmin -websafeadd cert-recv-file \
-widconf config-file -kek_mfk31 kek-cryptogram \
[-kek_clear kek-value] [-verbose]
The command components are described below:
-websafeadd cert-recv-file
specifies the name of the encoded file containing your new certificate as received
from your CA.
-widconf config-file
specifies the WID configuration file for hardware encryption. By default, this file is
named wid.config.
-kek_mfk31 kek-cryptogram
specifies the encrypted KEK under MFK variant 31.
-kek_clear kek-value
specifies the clear KEK value. If kek-value is not supplied in the command line,
you are prompted by keyadmin to enter it. Keyadmin computes the check digits of
KEK and asks you to verify that the KEK is correct. The size of KEK is 16 bytes (32
hex digits).
-verbose
specifies that complete information associated with the command string should be
displayed.
DN used at the time of key generation is: CN=hima.lab201.tandem.com,
OU=datadev, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datadev.com, OU=a-sign Server Light Demo CA,
O=Datadev California, C=US
Use the new DN for all your commands requiring a DN for this certificate.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility.