iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-002
Using the Keyadmin Utility to Manage Keys and Certificates
-addcert cert-recv-file
specifies the name of the encoded file containing your new certificate as received from your CA.

-force
specifies that a renewal of an older certificate should occur, as specified through the -renew option, but that the check for a valid start date should not be performed.

-root
treats the certificate as a root.

-verbose
specifies that complete information associated with the command string should be displayed.

A sample command is as follows:
bin/keyadmin -keydb conf/mykeys -addcert my-cert.txt
This command ensures that the certificate is valid by checking that the public key it
contains matches the public key associated with the same DN in the database. Then
the certificate is inserted in the database.
At this point, update the KeyDatabase, ServerPassword, and AcceptSecureTransport
configuration directives in the server's configuration file, if you have not done so
already, and restart the server.
Responses are always delivered in PKCS #7 message format. However, you can add
items to the database in any of the following formats:
• A message in PKCS #7 format
• A raw RADIX-64 encoded certificate
• A message in Privacy Enhanced Message (PEM) format
The keyadmin utility can read PEM format, but VeriSign no longer supports that format.
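
As an added example (not part of the guide and not keyadmin's own logic), the following Python sketch identifies which of the three formats a CA response file uses before it is passed to -addcert. The function names and sample inputs are hypothetical, and the checks are assumptions about the formats: an RFC 1421 boundary line for a PEM message, and the first DER element inside the outer SEQUENCE for PKCS #7 versus a raw certificate.

```python
import base64
import binascii

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData)
PKCS7_SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")
# RFC 1421 encapsulation boundary (assumed marker of a PEM message)
PEM_BOUNDARY = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_ca_response(text):
    """Return 'pem-message', 'pkcs7', 'raw-certificate' or 'unknown'."""
    if PEM_BOUNDARY in text:
        return "pem-message"
    # Drop any -----BEGIN/END----- armor lines and keep the RADIX-64 body.
    lines = map(str.strip, text.splitlines())
    body = "".join(s for s in lines if not s.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:                   # both formats start with a SEQUENCE
            return "unknown"
        inner_tag, istart, iend = read_tlv(der, start)
    except (binascii.Error, ValueError, IndexError):
        return "unknown"
    if inner_tag == 0x06 and der[istart:iend] == PKCS7_SIGNED_DATA_OID:
        return "pkcs7"                    # ContentInfo begins with the content-type OID
    if inner_tag == 0x30:
        return "raw-certificate"          # Certificate begins with tbsCertificate
    return "unknown"

# Constructed sample inputs (DER stubs, not real certificates).
SAMPLE_CERT = base64.b64encode(bytes.fromhex("30053003020101")).decode()
SAMPLE_PKCS7 = base64.b64encode(bytes.fromhex("300b06092a864886f70d010702")).decode()

if __name__ == "__main__":
    for name, sample in (("cert", SAMPLE_CERT), ("pkcs7", SAMPLE_PKCS7)):
        print(name, "->", classify_ca_response(sample))
```

A result of "unknown" means the file is not valid RADIX-64 or does not begin with the expected structure, which is worth resolving with the CA before running keyadmin.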