iTP Secure WebServer System Administrator's Guide (Version 7.0)
Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—523346-012
Generating the Public/Private Key Pair and Obtaining the Certificate
character as shown. The backslash is not permitted to break the DN value across 
lines.
bin/keyadmin -websafegen [key-req-file] \
-widconf wid-config-file -dn 'dn' -kek_mfk0 kek-cryptogram \
[-kek_clear kek-value] [-length key-length] [-verbose] [-utf8] 
The command components are:
-websafegen [key-req-file]
instructs the server to generate a public/private key pair and a PKCS #10 
certificate request and to write the certificate request to the file specified in the 
command. If the file name is omitted, the default file name is cert-req.txt.
-widconf wid-config-file
specifies the WID configuration file for hardware encryption. By default, this file is 
named wid.config.
-dn 'dn'
specifies the full Distinguished Name (DN) for the new key pair. Enclose the DN in 
single quotation marks (') to protect it from being interpreted by the shell.
You must include the same field values entered on the CA request form in the 
exact order that the CA specifies. You must also enclose any value containing a 
comma in double quotation marks (").
The keyadmin command accepts these characters in the DN field:
 A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
To specify non-English values for DN attributes, specify the -utf8 option.
-kek_mfk0 kek-cryptogram
specifies the encrypted KEK under MFK variant 0.
-kek_clear kek-value
specifies the clear KEK value. If kek-value is not supplied on the command line, 
keyadmin prompts you to enter it. Keyadmin computes the check digits of the 
KEK and asks you to verify that they are correct. The KEK is 16 bytes (32 hex 
digits) long.
-length key-length
specifies the length of the key in bits. This option allows you to control the size of 
the encryption key. The default and minimum key size is 512 bits. The 
maximum key size is 1024 bits, or 512 bits for the exportable version of the iTP 
Secure WebServer.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility.
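The following pre-flight check is an added example, not part of the original guide or of the keyadmin utility. It applies the DN character set, KEK size and key-length limits listed above before keyadmin is invoked; the function names and the sample DN are hypothetical, and treating the double quotation mark as an allowed delimiter is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks for keyadmin -websafegen arguments.
# Function names are hypothetical; the limits are the ones stated in this guide.
LC_ALL=C; export LC_ALL   # make A-Z / a-z ranges match ASCII only

# DN characters accepted by keyadmin: A-Z a-z 0-9 space ' ( ) + , - . / : = ? #
# Assumption: the double quote is also allowed, as the delimiter for comma values.
valid_dn_chars() {
    case $1 in
        '') return 1 ;;
        *[!A-Za-z0-9\ \'\(\)+,./:=?#\"-]*) return 1 ;;
    esac
    return 0
}

# Double quotes around comma-containing values must come in pairs.
balanced_quotes() {
    q=$(printf '%s' "$1" | tr -cd '"')
    [ $(( ${#q} % 2 )) -eq 0 ]
}

# Clear KEK: 16 bytes, entered as exactly 32 hex digits.
valid_kek_hex() {
    [ "${#1}" -eq 32 ] || return 1
    case $1 in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# Key length in bits: 512 to 1024, or exactly 512 for the exportable version.
valid_key_length() {   # $1 = bits, $2 = "export" (optional)
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    max=1024
    [ "${2:-}" = export ] && max=512
    [ "$1" -ge 512 ] && [ "$1" -le "$max" ]
}

check_websafegen_args() {   # $1 = DN, $2 = key length, $3 = "export" (optional)
    valid_dn_chars "$1"  || { echo "DN: character not accepted by keyadmin" >&2; return 1; }
    balanced_quotes "$1" || { echo "DN: unbalanced double quote" >&2; return 2; }
    valid_key_length "$2" "${3:-}" || { echo "length: out of range" >&2; return 3; }
}

# Constructed sample DN (not from the guide).
DN='CN=www.example.com, O="Example, Inc.", C=US'
check_websafegen_args "$DN" 1024 && echo "arguments pass the pre-flight checks"
```

valid_kek_hex can be used to check a clear KEK value before it is typed at the keyadmin prompt, which keeps the value off the command line.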










