iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-002
Using the Keyadmin Utility to Manage Keys and Certificates
Adding a Certificate to the Key Database File
When you receive a certificate from a CA, install it in your server’s key database file
and remove any hidden characters it contains (such as line-feed characters). To add a
certificate, use the keyadmin command shown below. If you are going to use this
certificate with the WebSafe2 unit, the keyadmin commands you use are somewhat
different. For information about installing a certificate for use with a WebSafe2 unit, see
Step 5. Installing the Certificate on page 5-13.
Adding Certificates With DNs That are Different From the Key Generation DN
You can add certificates that have DNs that are different from the DN used during key
generation. A typical case where this occurs is when a DN is changed by an issuing
CA.
When you add such a certificate for the first time, the iTP Secure WebServer creates a
file called newdn.txt (in the root directory) that contains the new DN. If you add any
certificates subsequently that have DNs that are different from those used during key
generation or those added previously to the key database file, those certificates’ DNs
are appended to the newdn.txt file. After the newdn.txt file is created, the “newdn
is” message provides the DN that is to be used in all keyadmin commands that require
a DN and for the AcceptSecureTransport directive. For information about the
AcceptSecureTransport directive, see AcceptSecureTransport on page A-5.
A sample newdn.txt file is shown below:

    DN used at the time of key generation is: CN=hima.lab201.tandem.com,
    OU=datakomhw, O=tandem, L=cupertino, ST=california, C=US
    New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
    SN=297-68-2381, OU=a-sign.datakom.at, OU=a-sign Server Light Demo CA,
    O=Datakom Austria GmbH, C=AT
    Use the new DN for all your commands requiring a DN for this certificate.

You may enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown.

    bin/keyadmin -keydb keydb -addcert cert-recv-file \
    [-force] [-root] [-verbose]

Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.

The command’s arguments have the following functions:

-keydb keydb
    specifies the name of the key database file in which the key pair you created is
    stored.
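
The following Python script is an added example, not part of this guide or of the iTP Secure WebServer software. It reads a newdn.txt laid out like the sample on this page, returns the most recently appended new DN, and lists which DN components the CA changed relative to the key-generation DN, so the change can be reviewed before the DN is used in keyadmin commands and the AcceptSecureTransport directive. The function names, the rule for rejoining wrapped lines, and the assumption that a real file uses the sample's labels are assumptions of this example.

```python
import re

# Constructed input: the sample newdn.txt text from this page, wrapped as printed.
# Assumption: a real newdn.txt uses the same labels and may wrap long DNs.
SAMPLE = """\
DN used at the time of key generation is: CN=hima.lab201.tandem.com,
OU=datakomhw, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datakom.at, OU=a-sign Server Light Demo CA,
O=Datakom Austria GmbH, C=AT
Use the new DN for all your commands requiring a DN for this certificate.
"""
LABELS = (("keygen", "DN used at the time of key generation is:"),
          ("new", "New DN in the certificate to be added is:"))

def parse_newdn(text):
    """Return [(kind, dn)] in file order; kind is 'keygen' or 'new'."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        hit = next(((k, lab) for k, lab in LABELS if line.startswith(lab)), None)
        if hit:
            current = [hit[0], line[len(hit[1]):].strip()]
            entries.append(current)
        elif not line or line.startswith("Use the new DN"):
            current = None                  # blank line or trailer ends the entry
        elif current is not None:
            current[1] += " " + line        # wrapped DN continues on this line
    return [tuple(e) for e in entries]

def rdns(dn):
    """Split a DN into (type, value) pairs on unescaped commas."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts]

def review(text):
    """Compare the key-generation DN with the most recently appended new DN."""
    entries = parse_newdn(text)
    old = rdns(next(dn for kind, dn in entries if kind == "keygen"))
    new_dn = [dn for kind, dn in entries if kind == "new"][-1]
    new = rdns(new_dn)
    return {
        "new_dn": new_dn,
        "added": [r for r in new if r not in old],
        "removed": [r for r in old if r not in new],
        "cn_unchanged": [v for t, v in old if t == "CN"] == [v for t, v in new if t == "CN"],
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```

Check the returned DN against the “newdn is” message before using it, because the spacing this script inserts when rejoining wrapped lines is an assumption.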