iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
Importing a Private Key into iTP Secure WebServer's Key Database File
You can import a private key that was not generated by the keyadmin utility into the
iTP Secure WebServer's key database, where it is stored in the entry that contains the
corresponding certificate. The key to be imported must be in PKCS#8 Base64-encoded
format.
To import a private key, use the keyadmin command:
bin/keyadmin -keydb <keydb> -importpriv <key-file> [-dn 'dn']
This command prompts for the password of the key database file in which the key must
be stored. If the key database file is not password protected, the keyadmin command
prompts you to create a password to protect it.
If the corresponding certificate is not found, a new entry is created using the DN
provided in the -dn option of the command. In such instances, the -dn option must be
specified and is not treated as optional. If the -dn option is not set, an error is
displayed.
The keyadmin command arguments have the following functions:
-keydb <keydb>
    specifies the name of the key database file in which the private key will be stored.
    If the key database file mentioned in the command does not exist, the system
    prompts you to create it. If you choose to create the database, the system prompts
    for a password to protect the key database file.
-importpriv <key-file>
    specifies that you want to import the private key from the key-file and store it in a
    key database file.
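
A pre-import check for the PKCS#8 requirement above, as an added example that is not part of the guide or of keyadmin. It assumes the key file is PEM text with PKCS#8 armor lines, and it reports an encrypted PKCS#8 file separately because the guide does not say whether keyadmin accepts one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the guide. Assumption: "PKCS#8 Base64 encoded"
# means a PEM file whose armor line is "-----BEGIN PRIVATE KEY-----".

# Print the container type named by the first PEM BEGIN line (CRLF tolerated).
key_format() {
    hdr=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case "$hdr" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----' | '-----BEGIN EC PRIVATE KEY-----')
                                                 echo traditional ;;
        *)                                       echo unknown ;;
    esac
}

# Succeed only if the lines between the armor are non-empty Base64 text.
pem_body_ok() {
    body=$(tr -d '\r' < "$1" | sed '/^-----/d' | tr -d '\n')
    [ -n "$body" ] || return 1
    case "$body" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    return 0
}

# Succeed only if group and other have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one verdict word; return 0 only when the file looks ready to import.
preflight_key() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    fmt=$(key_format "$1")
    [ "$fmt" = pkcs8 ] || { echo "$fmt"; return 1; }
    pem_body_ok "$1" || { echo bad-base64; return 1; }
    key_is_private "$1" || { echo loose-permissions; return 1; }
    echo ok
}

# Demo on a constructed file (the Base64 body is filler, not a real key).
demo=$(mktemp)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$demo"
chmod 600 "$demo"
echo "constructed sample: $(preflight_key "$demo")"
rm -f "$demo"
```

A "traditional" verdict means the file uses the older per-algorithm container and has to be converted to PKCS#8 before the import is attempted.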
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default
directory is bin.

Table 4-2. Supported DN Attributes (page 2 of 2)

Attribute                   Required   Encoding Type
GQ: Generation Qualifier               Directory String
NAME: Name                             Directory String

Note: Directory String can take one of these encoding formats: UTF-8 String (if the -utf8
option is specified during key-pair or certificate request generation), Printable String
(default encoding if the -utf8 option is not specified), or T.61 String (DN value specified
is not in printable character set and UTF-8 encoding is not specified or applicable for the DN).