iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-002
Using the Keyadmin Utility to Manage Keys and Certificates
For information about the server key database file and the password used to encrypt it,
see KeyDatabase on page A-24 and ServerPassword on page A-67.
To generate a new key pair, use the keyadmin command shown below. If you are
going to use this certificate with the WebSafe2 unit, the keyadmin commands you use
are somewhat different. For information about generating a key pair for use with a
WebSafe2 unit, see Step 2. Generating a Public/Private Key Pair and a Certificate
Request on page 5-11.
You may enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown; the backslash is not permitted to break the DN value across lines.
bin/keyadmin -keydb keydb [ -mkpair ] -dn 'dn' \
[-length key-length] [-verbose]
The command’s arguments have the following functions:
-keydb keydb
specifies the name of the key database file that will store the private and public
parts of the new key pair (along with the key’s DN).
If the database you specify is nonexistent, the server creates the database for you
and notifies you that the new database was created.
-mkpair
instructs the server to generate a random key pair that has a default length of 512
bits. When you issue this command, you are prompted to type random keystrokes.
The timing of your keystrokes is used to produce a random numeric code.
Note that if you omit -mkpair, this command generates both a random key pair
and a certificate request.
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, be sure to enclose any value containing
a comma with quotation marks (").
The keyadmin command accepts the following characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
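The quoting rules above (apostrophes around the whole DN, quotation marks around any value containing a comma, a fixed set of permitted DN characters) are easy to get wrong from an interactive shell, and a DN that slips shell metacharacters past the apostrophes ends up either mangled or stored in the key database as typed. The following POSIX shell script is an added example, not code from the iTP Secure WebServer guide or the keyadmin utility: it checks a DN against the character list given above, escapes it for the shell, and prints the keyadmin command line that would be run rather than invoking keyadmin. The key database path conf/keydb and the DN values are constructed samples, and the script passes an explicit -length because the 512-bit default described above is far below current RSA key-size minimums.

```shell
#!/bin/sh
# Added example (not from the iTP Secure WebServer guide or from keyadmin).
# Validates a DN against the character set the guide lists for keyadmin,
# escapes it for the shell, and prints the resulting keyadmin command line.
# The key database path and DN values used below are constructed samples.

# Characters the guide permits in the DN field:
#   A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
# The quotation mark is included because the guide uses it to wrap a value
# that contains a comma. The hyphen is written as octal \055 so tr does not
# read it as a range operator.
DN_ALLOWED="A-Za-z0-9 '()+,./:=?#\"\\055"

dn_is_valid() {
    # Succeeds when every byte of $1 is in the permitted set. Anything else
    # (; | & $ < > backtick, newline, non-ASCII) is rejected before it can
    # reach the shell or be written into the key database. wc -c is used
    # rather than a string test so an embedded newline is not silently lost.
    [ "$(printf '%s' "$1" | tr -d "$DN_ALLOWED" | wc -c)" -eq 0 ]
}

shell_quote_dn() {
    # The guide says to enclose the DN in apostrophes. An apostrophe is itself
    # a legal DN character, so each one inside the DN is closed, escaped and
    # reopened ('\'') instead of being allowed to end the quoted string early.
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

build_keyadmin_cmd() {
    # $1 = key database file, $2 = DN, $3 = key length in bits.
    # Prints the keyadmin command line; it does not execute it.
    if ! dn_is_valid "$2"; then
        echo "rejected DN: contains a character keyadmin does not accept" >&2
        return 1
    fi
    printf 'bin/keyadmin -keydb %s -mkpair -dn %s -length %s\n' \
        "$1" "$(shell_quote_dn "$2")" "$3"
}

# Constructed sample DN: the O value holds a comma, so per the guide it is
# wrapped in quotation marks inside the DN. Field order must match what the
# CA's request form asks for.
SAMPLE_DN='C=US, O="Example, Inc.", OU=Web, CN=www.example.com'
build_keyadmin_cmd conf/keydb "$SAMPLE_DN" 2048
```

Running the script prints the command line with the DN intact inside its apostrophes; a DN containing a semicolon, pipe or newline is refused with a message on stderr instead of being handed to the shell, and a DN containing an apostrophe is emitted with the `'\''` escape so keyadmin still receives the literal character.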