iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-002
Using the Keyadmin Utility to Manage Keys and Certificates
Note that if you omit -mkreq, this command generates both a random key pair and
a certificate request.
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, enclose any value containing a comma
with quotation marks (").
The keyadmin command accepts the following characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
-life days
specifies the length of time, in days, that the certificate will remain valid. The
default is 365 days. The life span requested is inserted into the resulting certificate
request. Note that the CA can adjust this life span when issuing the certificate.
-webmaster webmaster-name
-phone webmaster-phone-num
-software software
adds any of these plain text fields to the certificate request. The information in
these fields is for your convenience and does not affect the keyadmin command.
-verbose
specifies that complete information associated with the command string should be
displayed.
The keyadmin utility writes the public key and DN to the file specified by -mkreq
cert-req-file. The contents of this file are encoded in PKCS #10 message
format.
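The -dn rules above (accepted characters, quotation marks around values containing a comma, fields in the CA's order) can be checked before the DN is passed to keyadmin. The following Python sketch is an added example, not part of the guide or of keyadmin. The attr=value layout, the attribute names, the sample CA field order and the treatment of the quotation mark as a delimiter are assumptions.

```python
import string

# Characters the guide lists as accepted in the DN field.
ALLOWED = set(string.ascii_letters + string.digits + " '()+,-./:=?#")
# Assumption: '"' is not in that list but is permitted as the delimiter
# the guide prescribes for values that contain a comma.

def split_dn(dn):
    """Split a DN on commas that fall outside quotation marks."""
    parts, buf, quoted = [], [], False
    for ch in dn:
        if ch == '"':
            quoted = not quoted
        if ch == ',' and not quoted:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    if quoted:
        raise ValueError("unbalanced quotation mark")
    parts.append(''.join(buf))
    return [p.strip() for p in parts]

def check_dn(dn, ca_order):
    """Return a list of problems; an empty list means these checks passed."""
    problems = []
    bad = sorted({c for c in dn if c not in ALLOWED and c != '"'})
    if bad:
        problems.append("characters not accepted: " + " ".join(map(repr, bad)))
    try:
        parts = split_dn(dn)
    except ValueError as exc:
        return problems + [str(exc)]
    attrs = []
    for part in parts:
        name, sep, value = part.partition('=')
        if not sep or not name.strip() or not value.strip():
            # Typical cause: a value with a comma that was not quoted.
            problems.append("not in attr=value form: %r" % part)
        else:
            attrs.append(name.strip().upper())
    if attrs != [a.upper() for a in ca_order]:
        problems.append("field order %s differs from CA order %s"
                        % (attrs, list(ca_order)))
    return problems

# Constructed sample: hypothetical CA field order and DN.
CA_ORDER = ["CN", "O", "C"]
SAMPLE_DN = 'CN=www.example.com, O="Example, Inc.", C=US'
```

An empty result from check_dn(SAMPLE_DN, CA_ORDER) means the DN passed these three checks only; the CA may impose further requirements on field values.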
Requesting a Certificate
After creating the certificate request and writing it to a file, follow instructions provided
by the CA (for example, on their web page) to request the certificate.
VeriSign, Inc. is a CA that currently issues digital certificates for use with the iTP
Secure WebServer. VeriSign certificates are acceptable for use with both Secure
HTTP and SSL-enhanced web browsers. For more information, see VeriSign’s web
page at the following URL:
http://www.verisign.com/
After processing your request, the CA will e-mail you a file containing your certificate in
PKCS #7 format.