iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
Private Key: Not present
Public Key: Present
Certificate: Present
------------------------------------
Distinguished Name:
CN: Secure Transport Bootstrap Certificate
OU: Testing Only - Do Not Trust for Secure Transactions
OU: No Assurance - Self-Signed
OU: Generated Wed Mar 5 17:36:57 EST 1997
O: fenway.company.com
State: Enabled
Private Key: Present
Public Key: Present
Certificate: Present
-------------------------------------
If you specify keyadmin -list for a nonexistent key database file, the command will
list only the built-in roots that ship with the utility.
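
The listing above includes an enabled bootstrap certificate whose DN says it is for testing only. The following Python code is an added example, not part of the guide or the product: it parses text in the layout of that listing and reports enabled entries whose DN carries such wording. The entry layout (a "Distinguished Name:" header, field lines, a dashed separator), the marker list, and the second sample entry are assumptions made for this example.

```python
import re
# Constructed sample and assumed marker list, both modelled on the listing above.
SAMPLE_LISTING = """\
Private Key: Not present
Public Key: Present
Certificate: Present
------------------------------------
Distinguished Name:
CN: Secure Transport Bootstrap Certificate
OU: Testing Only - Do Not Trust for Secure Transactions
OU: No Assurance - Self-Signed
O: fenway.company.com
State: Enabled
Private Key: Present
Public Key: Present
Certificate: Present
-------------------------------------
Distinguished Name:
CN: Example Production Server
State: Enabled
Private Key: Present
Public Key: Present
Certificate: Present
-------------------------------------
"""
TEST_MARKERS = ("bootstrap", "testing only", "do not trust", "self-signed")

def parse_entries(text):
    """Return one list of (field, value) pairs per complete entry."""
    entries = []
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        pairs = [line.partition(":") for line in block.splitlines()]
        fields = [(k.strip(), v.strip()) for k, sep, v in pairs if sep]
        # A block without a DN header is a fragment cut off at a page edge.
        if ("Distinguished Name", "") in fields:
            entries.append(fields)
    return entries

def audit(text):
    """Return (CN, matched markers) for enabled entries whose DN marks them test-only."""
    findings = []
    for fields in parse_entries(text):
        first = lambda name: next((v for k, v in fields if k == name), "")
        dn = " ".join(v for k, v in fields if k in ("CN", "OU", "O")).lower()
        hits = [m for m in TEST_MARKERS if m in dn]
        if hits and first("State").lower() == "enabled":
            findings.append((first("CN"), hits))
    return findings
```

Calling audit() on the text printed by keyadmin -list returns one tuple per flagged entry; an empty list means no enabled entry matched the markers.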
Updating the Default Root Certificates
The iTP Secure WebServer supports a set of default root certificates for domestic use
(United States and Canada). If a request arrives and client authentication is required,
the iTP Secure WebServer checks the certificate to see whether it matches any of the
default root certificates; if the certificate matches, the request is accepted, and if not,
the request is rejected. To restrict the set of accepted certificates, or to define the
certificates used outside the United States and Canada, you specify the corresponding
DNs in AcceptSecureTransport directives in your configuration file.
The default root certificates for the current release of the iTP Secure WebServer are as
shown in Example 4-2: