iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
You can access this form from the CA’s home page on the Web. For a list of
supported SSL server certificates, see the Web page at this URL (specify that you
need an SSL server certificate):
http://www.verisign.org
• The DN you have decided to use to identify your server.
• The password associated with the server’s key database file. If you plan to use an
existing key database file, you must know the password associated with it. If you
plan to create a new key database file, you must choose a password.
For information about the server key database file and the password used to encrypt it,
see KeyDatabase on page A-28 and ServerPassword on page A-77.
To generate a new key pair, use the keyadmin command shown. If you are going to
use this certificate with the WebSafe2 unit, the keyadmin commands you use are
somewhat different. For information about generating a key pair for use with a
WebSafe2 unit, see Step 2. Generating a Public/Private Key Pair and a Certificate
Request on page 5-11.
You can enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown; the backslash is not permitted to break the DN value across lines.
bin/keyadmin -keydb keydb [ -mkpair ] -dn 'dn' \
[-length key-length] [-verbose] [-utf8]
The command’s arguments have these functions:
-keydb keydb
specifies the name of the key database file that will store the private and public
parts of the new key pair (along with the key’s DN).
If the database you specify is nonexistent, the server creates the database for you
and notifies you that the new database was created.
-mkpair
instructs the server to generate a random key pair that has a default length of 512
bits. When you issue this command, you are prompted to type random keystrokes.
The timing of your keystrokes is used to produce a random numeric code.
Note that if you omit -mkpair, this command generates both a random key pair
and a certificate request.
Note. WebSafe2 unit is compatible only with systems running on G-series RVUs.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
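Added example (not part of the original guide or of the product): a shell helper that assembles the keyadmin command above on a single line, rejects a DN that would break the single-quoted value, and passes -length explicitly instead of relying on the 512-bit default. The function name, the key database name, the sample DN, and the 1024-bit floor are assumptions made for illustration, as is the reading of -length as the key size in bits; the helper only prints the command and does not run keyadmin.

```shell
#!/bin/sh
# Added example: build (do not run) a single-line keyadmin command.
# Only the keyadmin flags come from the guide; all other names are hypothetical.

MIN_BITS=1024   # assumption: local policy floor (the documented default is 512)
NL='
'

# keyadmin_cmd KEYDB DN [BITS]
# Prints the command line on success; returns non-zero on rejected input.
keyadmin_cmd() {
    keydb=$1
    dn=$2
    bits=${3:-$MIN_BITS}

    [ -n "$keydb" ] && [ -n "$dn" ] || {
        echo "usage: keyadmin_cmd keydb dn [bits]" >&2; return 2; }

    # The key database name is emitted unquoted, so restrict it to safe characters.
    case $keydb in
        *[!A-Za-z0-9._/-]*) echo "unsafe key database name" >&2; return 1 ;;
    esac

    # The DN may not be split across lines and is passed in single quotes,
    # so an embedded newline or single quote would break the command.
    case $dn in
        *"$NL"*|*"'"*) echo "DN contains a newline or single quote" >&2; return 1 ;;
    esac

    # The key length must be a plain number at or above the policy floor.
    case $bits in
        ''|*[!0-9]*) echo "key length is not a number" >&2; return 1 ;;
    esac
    [ "$bits" -ge "$MIN_BITS" ] || {
        echo "key length $bits is below $MIN_BITS" >&2; return 1; }

    printf "bin/keyadmin -keydb %s -mkpair -dn '%s' -length %s\n" \
        "$keydb" "$dn" "$bits"
}

# Constructed sample input: a made-up key database name and DN.
keyadmin_cmd example.keydb 'CN=www.example.com, O=Example Corp, C=US'
```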










