iTP Secure WebServer System Administrator's Guide (Version 7.0)
Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—523346-012
5-13
Generating the Public/Private Key Pair and Obtaining the Certificate
-verbose
specifies that complete information associated with the command string should be
displayed.
-utf8
specifies that the DN attributes specified while generating a Public/Private key pair
and a certificate request are UTF-8 encoded.
Example
When you enter the keyadmin command and press Return, you are prompted for the
clear KEK key. Your response is not echoed. The following example dialog shows
correct keyadmin syntax and the prompts that keyadmin displays.

bin/keyadmin -verbose -websafegen \
test-cert.req -widconf wid.config \
-dn 'CN =testing,OU=web,O="Tandem Computers, Inc.", \
L=Cupertino,ST=California,C=US' \
-kek_clear F445DF43798097A1A42043A70B4F8A61 \
-kek_mfk0 20F6479470CC73F20325C6824FF0D6E2 -length 512
Check digits of clear KEK: xxxx
Is it correct (y or n)?: y

The value of -kek_mfk0 consists of the left and right portions of the encrypted KEK.
Compare the KEK with the Example on page 5-11. The keyadmin command does not
echo the clear KEK key that you type, but in this example, the value consistent with the
same example would be F445DF43798097A1A42043A70B4F8A61. If the check
digits do not match the value on the SCT display, run the command again, taking care
to enter the clear text and cryptogram correctly.
After the keyadmin utility finishes running the command, it generates a file named
cert-req.txt in the directory where the command was run. This file contains the
public key and DN encoded in PKCS #10 format.
Step 3. Requesting a Certificate From a Certificate Authority (CA)
To request a certificate, e-mail the file cert-req.txt to a CA. For more information
about this process, see Requesting a Certificate on page 4-11.
Step 4. Obtaining a KEK Pair Using Variant 31
You obtain a KEK pair using variant 31 by performing these steps:
Note. Not all DN attributes can be UTF-8 encoded. The DN attributes that are supported
by the iTP Secure WebServer and their required encoding format are listed in Table 4-2 on
page 4-25. Only the DN attributes that contain the Directory String type can be UTF-8
encoded. If DN attributes that do not contain the Directory String type are specified
with the -utf8 option, they are forced into their required encoding format.
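The encoding rule in the note above, shown as an added Python example (not HP code and not part of this guide): it parses the DN from the keyadmin example and emits the DER string value each attribute would carry when UTF-8 is requested. The function names are hypothetical, and the attribute syntaxes are taken from RFC 5280 as an assumption standing in for Table 4-2, which is not reproduced on this page.

```python
import string

UTF8STRING, PRINTABLESTRING, IA5STRING = 0x0C, 0x13, 0x16
# String syntaxes per RFC 5280 (assumption: stands in for Table 4-2).
DIRECTORY_STRING = {"CN", "OU", "O", "L", "ST"}      # may become UTF8String
FIXED = {"C": PRINTABLESTRING, "SERIALNUMBER": PRINTABLESTRING,
         "DC": IA5STRING, "EMAILADDRESS": IA5STRING}  # never UTF8String
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")

def split_dn(dn):
    """Split 'K=V,K=V' on commas that are outside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in dn:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = [p.partition("=") for p in parts if p.strip()]
    return [(k.strip().upper(), v.strip()) for k, _, v in pairs]

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_value(key, value):
    """DER TLV for one attribute value when UTF-8 encoding is requested."""
    if key in DIRECTORY_STRING:
        tag, raw = UTF8STRING, value.encode("utf-8")
    elif key in FIXED:
        tag, raw = FIXED[key], value.encode("ascii")  # non-ASCII raises here
        if tag == PRINTABLESTRING and not set(value) <= PRINTABLE:
            raise ValueError(f"{key}: character outside PrintableString set")
    else:
        raise ValueError(f"unsupported DN attribute: {key}")
    return bytes([tag]) + der_len(len(raw)) + raw

def encode_dn(dn):
    """Return [(attribute, tag, DER bytes)] for every attribute in the DN."""
    return [(k, t[0], t) for k, v in split_dn(dn) for t in [encode_value(k, v)]]

# DN from the keyadmin example on this page, line continuations removed.
SAMPLE_DN = 'CN =testing,OU=web,O="Tandem Computers, Inc.",L=Cupertino,ST=California,C=US'
```

Running encode_dn(SAMPLE_DN) shows C keeping its PrintableString tag (0x13) while the Directory String attributes take the UTF8String tag (0x0C).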










