Manualshelf

iTP Secure WebServer System Administrator's Guide (Version 7.0)

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide523346-012
4-11
Using the Keyadmin Utility to Manage Keys and
Certificates
-webmaster webmaster-name
-phone webmaster-phone-num
-software software
adds any of these plain text fields to the certificate request. The information in
these fields are for your convenience and do not affect the keyadmin command.
Be sure to include single quotes (‘) or double quotes (“) around any entries that
contain a space.
-verbose
specifies that complete information associated with the command string should be
displayed.
-utf8
specifies that the DN attributes specified while creating a certificate request are
UTF-8 encoded.
The keyadmin utility writes the public key and DN to the file name specified in -mkreq
cert-req-file. The information in this file name is encoded in PKCS #10 message
format.
Requesting a Certificate
After creating the certificate request and writing it to a file, follow instructions provided
by the CA (for example, on their Web page) to request the certificate.
VeriSign, Inc. is a CA that currently issues digital certificates for use with the iTP
Secure WebServer. VeriSign certificates are acceptable for use with both Secure
HTTP and SSL-enhanced Web browsers. For more information, see VeriSign’s Web
page at this URL:
http://www.verisign.com/
After processing your request, the CA will e-mail you a file containing your certificate in
PKCS #7 format.
Adding a Certificate to the Key Database File
When you receive a certificate from a CA, install it in your server’s key database file
and remove any hidden characters it contains (such as line-feed characters). To add a
certificate, use the keyadmin command shown. If you are going to use this certificate
with the WebSafe2 unit, the keyadmin commands you use are somewhat different.
Note. All DN attributes cannot be UTF-8 encoded. The DN attributes that are supported
by the iTP Secure WebServer and their required encoding format are listed in Table 4-2 on
page 4-25. Only the DN attributes that contain the Directory String type can be UTF-8
encoded. If the DN attributes that do not contain the Directory String type are specified
with the –utf8 option, they will be forcefully encoded in their required encoding format.