iTP Secure WebServer System Administrator's Guide (Version 7.0)
Integrating the WebSafe2 Internet Security
Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—523346-012
5-15
Generating the Public/Private Key Pair and
Obtaining the Certificate
A sample newdn.txt file is:
bin/keyadmin -websafeadd cert-recv-file \
-widconf config-file -kek_mfk31 kek-cryptogram \
[-kek_clear kek-value] [-verbose]
The command components are:
-websafeadd cert-recv-file
specifies the name of the encoded file containing your new certificate as received
from your CA.
-widconf config-file
specifies the WID configuration file for hardware encryption. By default, this file is
named wid.config.
-kek_mfk31 kek-cryptogram
specifies the encrypted KEK under MFK variant 31.
-kek_clear kek-value
specifies the clear KEK value. If kek-value is not supplied in the command line,
you are prompted by keyadmin to enter it. Keyadmin computes the check digits of
KEK and asks you to verify that the KEK is correct. The size of KEK is 16 bytes (32
hex digits).
-verbose
specifies that complete information associated with the command string should be
displayed.
DN used at the time of key generation is: CN=hima.lab201.tandem.com,
OU=datadev, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datadev.com, OU=a-sign Server Light Demo CA,
O=Datadev California, C=US
Use the new DN for all your commands requiring a DN for this certificate.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility.