iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, be sure to enclose any value containing
a comma with quotation marks (").
The keyadmin command accepts these characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
To specify non-English values for DN attributes, specify the -utf8 option.
-length key-length
specifies the length of the key in bits. This option allows you to control the size of
the encryption key. The default key size is 512 bits. The minimum key size is 512
bits. The maximum key size is 1024 bits, except for the exportable version of the
iTP Secure WebServer, for which it is 512 bits.
-verbose
specifies that complete information associated with the command string should be
displayed.
-utf8
specifies that the DN attributes specified while generating a key-pair are UTF-8
encoded.
The keyadmin utility prompts you to enter the password associated with the key
database file. After you enter the key database file password, the keyadmin utility
creates the private and public parts of a new key pair, stores them in the key database
file, and then binds this key pair to the DN you specified.
Longer keys provide more security, but at the cost of requiring more time to encrypt a
particular object.
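A pre-flight check for the -dn, -length and -utf8 rules described above, as an added example (not code from the guide or from the product). The CA attribute order passed in and the sample DNs are constructed, and the handling of characters outside the listed set (ASCII rejected, non-ASCII accepted only with -utf8) is an assumption drawn from the text.

```python
import shlex

# Characters the guide lists as accepted in the DN field.
ALLOWED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
              "0123456789 '()+,-./:=?#")

def split_dn(dn):
    """Split on commas that are outside quotation marks."""
    parts, buf, quoted = [], "", False
    for ch in dn:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append(buf.strip())
            buf = ""
        else:
            buf += ch
    if quoted:
        raise ValueError("unbalanced quotation mark")
    return parts + [buf.strip()]

def check_dn(dn, ca_order, utf8=False):
    """Return a list of problems; an empty list means the DN passed."""
    try:
        rdns = split_dn(dn)
    except ValueError as err:
        return [str(err)]
    problems, names = [], []
    for rdn in rdns:
        name, sep, value = rdn.partition("=")
        if not (sep and name.strip() and value.strip()):
            problems.append(f"not attribute=value (unquoted comma?): {rdn!r}")
            continue
        names.append(name.strip())
        for ch in sorted(set(value) - ALLOWED - {'"'}):
            if ord(ch) < 128:  # assumption: ASCII outside the list is rejected
                problems.append(f"character {ch!r} not accepted in {name.strip()}")
            elif not utf8:     # non-English text requires the -utf8 option
                problems.append(f"{name.strip()} has non-ASCII text; needs -utf8")
    if not problems and names != list(ca_order):
        problems.append(f"attribute order {names} differs from CA form {list(ca_order)}")
    return problems

def check_length(bits, exportable=False):
    """Key-length limits stated in the guide: 512 to 1024, 512 only if exportable."""
    return 512 <= bits <= (512 if exportable else 1024)

def dn_argument(dn):
    """Quote the DN for a POSIX shell, including any embedded apostrophe."""
    return shlex.quote(dn)
```

Because the apostrophe is itself an accepted DN character, `dn_argument` matters for a value such as `O'Brien`, which would otherwise end the shell quoting early.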
Creating a Certificate Request
To create a public key certificate request, use the keyadmin command shown.
Note. Not all DN attributes can be UTF-8 encoded. The DN attributes that are supported
by the iTP Secure WebServer and their required encoding format are listed in Table 4-2 on
page 4-25. Only the DN attributes that contain the Directory String type can be UTF-8
encoded. If DN attributes that do not contain the Directory String type are specified
with the -utf8 option, they are forcibly encoded in their required encoding format.