iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
[-dn 'dn']
specifies the DN to be used to identify the newly created entry for the imported key.
This parameter is ignored if the corresponding certificate already exists in the key
database.
For example:
./keyadmin -keydb demo.db -importpriv priv.key -dn 'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US'
Exporting a Private Key to a User-Defined Disk File
You can export a private key from an existing key database to a user-specified disk file.
The key is exported in the PKCS#8 Base64 encoded format.
To export a private key, use the keyadmin command:
bin/keyadmin -keydb <keydb> -exportpriv <key-file> -dn 'dn'
The keyadmin command prompts you for the password of the key database specified in the
command.
The keyadmin command arguments have the following functions:
-keydb <keydb>
specifies the name of the key database file in which the private key is stored.
-exportpriv <key-file>
specifies the disk file to which the private key must be exported.
-dn 'dn'
specifies the associated DN of the private key to be exported.
If the key-file file does not exist, you will be prompted to create the file. If the
key-file already exists, it will be overwritten.
If the specified DN does not exist in the key database file, an error message is
displayed.
For example:
./keyadmin -keydb demo.db -exportpriv priv.key -dn 'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US'
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
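
The following POSIX shell check for the file written by -exportpriv is an added example, not part of the HP guide or the keyadmin utility. It assumes the exported file carries PEM armor lines (the guide states only "PKCS#8 Base64 encoded"); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a private-key file exported with `keyadmin -exportpriv`.
# Suggested use around the export command shown above:
#   [ -e priv.key ] && echo "priv.key exists and would be overwritten"
#   umask 077    # precaution; the guide does not state the mode keyadmin uses
#   ./keyadmin -keydb demo.db -exportpriv priv.key -dn '...'
#   audit_exported_key priv.key

# Print the key format implied by the first PEM armor line of file $1.
key_format() {
    label=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$label" in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-plaintext ;;
        '-----BEGIN '*' PRIVATE KEY-----')       echo not-pkcs8 ;;
        '')                                      echo no-armor ;;
        *)                                       echo not-a-private-key ;;
    esac
}

# Succeed only if group and other have no permission bits on file $1.
owner_only() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Report on file $1; return 0 if clean, 1 on loose permissions, 2 if missing.
audit_exported_key() {
    if [ ! -f "$1" ]; then echo "MISSING $1"; return 2; fi
    rc=0
    fmt=$(key_format "$1")
    if ! owner_only "$1"; then
        echo "FINDING $1: group/other permission bits set; chmod 600"
        rc=1
    fi
    if [ "$fmt" = pkcs8-plaintext ]; then
        echo "NOTE $1: unencrypted PKCS#8; file mode is the only protection at rest"
    fi
    echo "FORMAT $1: $fmt"
    return $rc
}

# Constructed demo: armored file with a dummy body (not a real key).
demo=$(mktemp)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"; audit_exported_key "$demo" || true   # reports FINDING
chmod 600 "$demo"; audit_exported_key "$demo"           # clean
rm -f "$demo"
```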