iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
You can enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown; the backslash is not permitted to break the DN value across lines.
bin/keyadmin -keydb keydb [-mkreq cert-req-file] \
-dn 'dn' [-life days] [-webmaster webmaster-name] \
[-phone webmaster-phone-num] [-software software] [-verbose] \
[-utf8]
The command’s arguments have these functions:
-keydb keydb
specifies the name of the key database file that will store the private and public
parts of the new key pair (along with the key’s DN).
If the database you specify is nonexistent, the server creates the database for you
and notifies you that the new database was created.
-mkreq cert-req-file
generates a certificate request for the specified DN and writes it to the file specified
in the command. A key pair must already reside in the database. If the specified file
does not exist, the default file is cert-req.txt.
Note that if you omit -mkreq, this command generates both a random key pair and
a certificate request.
-dn 'dn'
specifies the full DN for the new key pair. Enclose this DN with apostrophes (') to
protect it from being interpreted by the shell.
Make sure to include the same field values entered on the CA request form and in
the exact order that the CA specifies. Also, enclose any value containing a comma
with quotation marks (").
The keyadmin command accepts these characters in the DN field:
A-Z a-z 0-9 (space) ' ( ) + , - . / : = ? #
To specify non-English values for DN attributes, specify the -utf8 option.
-life days
specifies the length of time, in days, that the certificate will remain valid. The
default is 365 days. The life span requested is inserted into the resulting certificate
request. Note that the CA can adjust this life span when issuing the certificate.
Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.
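
The -dn rules above (accepted characters, quotation marks around any value containing a comma, the DN protected from the shell) can be checked before keyadmin is run. The shell functions below are an added example, not part of the guide; the function names, the KEYADMIN variable and any DN values passed to them are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on a DN before it reaches keyadmin -dn.

# Characters the guide lists for the DN field (without -utf8), plus the
# double quote the guide requires around values that contain a comma.
DN_ALLOWED='A-Za-z0-9 ()+,./:=?#"'"'"'-'

# Succeeds only if the DN is non-empty and every character is in the set.
dn_chars_ok() {
    [ -n "$1" ] || return 1
    left=$(printf '%s' "$1" | LC_ALL=C tr -d "$DN_ALLOWED" | wc -c)
    [ "$left" -eq 0 ]
}

# Splits the DN on commas outside double quotes. A piece with no "=" means a
# comma inside a value was left unquoted; an open quote at the end is also an
# error. Heuristic: it does not validate attribute names or their order.
dn_commas_ok() {
    printf '%s\n' "$1" | awk '{
        inq = 0; part = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            if (c == "," && !inq) {
                if (index(part, "=") == 0) exit 1
                part = ""
            } else part = part c
        }
        if (inq || index(part, "=") == 0) exit 1
    }'
}

# usage: keyadmin_request keydb dn
# KEYADMIN is a hypothetical override for the utility's path.
# Without -mkreq, the guide says keyadmin generates a key pair and a request.
keyadmin_request() {
    dn_chars_ok "$2" || { echo "DN: character not accepted without -utf8" >&2; return 2; }
    dn_commas_ok "$2" || { echo "DN: unquoted comma or unbalanced quote" >&2; return 3; }
    # "$2" is passed as one argument, which protects the DN from the shell
    # the way the apostrophes do on a typed command line.
    "${KEYADMIN:-bin/keyadmin}" -keydb "$1" -dn "$2"
}
```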