iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

121

122

123

124

125

126

127

128

129

130

Integrating the WebSafe2 Internet Security

Processor (WISP)

iTP Secure WebServer System Administrator’s Guide—523346-002

5-15

Generating the Public/Private Key Pair and

Obtaining the Certificate

Example

The following sample command shows the keyadmin syntax and the prompts that

keyadmin displays:

bin/keyadmin -verbose -websafeadd \

test-cert.resp -widconf wid.config \

-kek_mfk31 DCA519DB8A3EF822 -kek_clear 6BE0106B619EB3DF

Verifying Integration of a WebSafe2 Internet Security

Processor (WISP)

You can verify integration of the WISP and do testing by using the following procedure:

1. Start the iTP Secure WebServer by executing the start script:

: cd <installation directory>/conf

: ./start

After the start script has been executed, you should have a PATHMON process

running on your system. The default is $ZWEB.

If the server has been running, execute the restart script to stop the server, then

immediately start it using the new configuration:

: cd <installation directory>/conf

: ./restart

2. Verify that the iTP Secure WebServer is running:

: ps

You should see that Distributor, httpd, and generic-cgi.pway processes

are running. By default, five httpd processes are started.

3. Use a web client to connect to the IP address (or DNS name) of the server.

The server will be monitoring the port you specified.

You should see the <installation directory>/root directory at the web

client.

The sample home page, index.sample.html, should appear in the directory

listing.

Note. The cryptogram you enter as -kek_mfk31 and the clear text you enter when the

command prompts you to clear the KEK key, must have been generated using the SCT

Calculate Crypto function, using the MFK, as described in Step 4. Obtaining a KEK Pair Using

Variant 31. If you enter clear text and cryptograms generated in some other way, the certificate

you install will not be usable and the iTP Secure WebServer cannot communicate with the

WISP.

Take care in entering both the cryptogram and the clear text. The keyadmin utility can detect a

mismatch (or reversal of the cryptogram and clear text) only if the error results in incorrect

check digits for the clear text.