iTP Secure WebServer System Administrator's Guide (Version 7.0)

ManualsBrandsHP ManualsServerHP NonStop G-Series

131

132

133

134

135

136

137

138

139

140

Integrating the WebSafe2 Internet Security

Processor (WISP)

iTP Secure WebServer System Administrator’s Guide—523346-012

5-16

Generating the Public/Private Key Pair and

Obtaining the Certificate

Example

This sample command shows the keyadmin syntax and the prompts that keyadmin

displays:

bin/keyadmin -verbose -websafeadd \

test-cert.resp -widconf wid.config \

-kek_mfk31 DCA519DB8A3EF822 -kek_clear 6BE0106B619EB3DF

Verifying Integration of a WebSafe2 Internet Security

Processor (WISP)

You can verify integration of the WISP and do testing using this procedure:

1. Start the iTP Secure WebServer by executing the start script:

: cd <installation directory>/conf

: ./start

After the start script has been executed, you should have a PATHMON process

running on your system. The default is $ZWEB.

If the server has been running, execute the restart script to stop the server, and

then immediately start it using the new configuration:

: cd <installation directory>/conf

: ./restart

2. Verify that the iTP Secure WebServer is running:

: ps

You should see that Distributor, httpd, and generic-cgi.pway processes

are running. By default, five httpd processes are started.

3. Use a Web client to connect to the IP address (or DNS name) of the server.

The server will be monitoring the port you specified.

You should see the <installation directory>/root directory at the Web

client.

The sample home page, index.sample.html, should appear in the directory

listing.

Note. The cryptogram you enter as -kek_mfk31 and the clear text you enter when the

command prompts you to clear the KEK key, must have been generated using the SCT

Calculate Crypto function, using the MFK, as described in Step 4. Obtaining a KEK Pair Using

Variant 31 on page 5-13. If you enter clear text and cryptograms generated in some other way,

the certificate you install will not be usable and the iTP Secure WebServer cannot

communicate with the WISP.

Take care in entering both the cryptogram and the clear text. The keyadmin utility can detect a

mismatch (or reversal of the cryptogram and clear text) only if the error results in incorrect

check digits for the clear text.