iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
Using the Keyadmin Utility to Manage Keys and Certificates
For information about installing a certificate for use with a WebSafe2 unit, see Step 5.
Installing the Certificate on page 5-14.

Note. WebSafe2 unit is compatible only with systems running on G-series RVUs.

Adding Certificates With DNs That are Different From the Key Generation DN

You can add certificates that have DNs that are different from the DN used during key
generation. A typical case where this occurs is when a DN is changed by an issuing
CA.

When you add such a certificate for the first time, the iTP Secure WebServer creates a
file called newdn.txt (in the root directory) that contains the new DN. If you add any
certificates subsequently that have DNs that are different from those used during key
generation or those added previously to the key database file, those certificates’ DNs
are appended to the newdn.txt file. After the newdn.txt file is created, the “newdn
is” message provides the DN that is to be used in all keyadmin commands that require
a DN and for the AcceptSecureTransport directive. For information about the
AcceptSecureTransport directive, see AcceptSecureTransport on page A-6.

A sample newdn.txt file is:

DN used at the time of key generation is: CN=hima.lab201.tandem.com,
OU=datakomhw, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datakom.at, OU=a-sign Server Light Demo CA,
O=Datakom Austria GmbH, C=AT
Use the new DN for all your commands requiring a DN for this certificate.

You can enter the arguments in any order. Enter the entire command on a single
command line. If a continuation character is necessary, you must use the backslash (\)
character as shown.

bin/keyadmin -keydb keydb -addcert cert-recv-file \
[-force] [-root] [-verbose]

Note. The bin/ prefix indicates the directory that contains the keyadmin utility; the default is
the bin directory.

The command’s arguments have these functions:

-keydb keydb
specifies the name of the key database file in which the key pair you created is
stored.

-addcert cert-recv-file
specifies the name of the encoded file containing your new certificate as received
from your CA.
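
Before the new DN from newdn.txt is used in keyadmin commands or in the AcceptSecureTransport directive, it helps to see exactly which DN components the CA changed. The Python code below is an added example, not part of this guide or of the product: it parses text in the shape of the sample newdn.txt and lists the components that were added and removed. It assumes that every entry has the three-part shape of the sample, that a DN may wrap across lines, and that attribute values contain no commas; the function names are hypothetical.

```python
from collections import Counter

# Constructed input: the sample newdn.txt from this page (line wrapping assumed).
SAMPLE = """\
DN used at the time of key generation is: CN=hima.lab201.tandem.com,
OU=datakomhw, O=tandem, L=cupertino, ST=california, C=US
New DN in the certificate to be added is: CN=hima.lab201.tandem.com,
SN=297-68-2381, OU=a-sign.datakom.at, OU=a-sign Server Light Demo CA,
O=Datakom Austria GmbH, C=AT
Use the new DN for all your commands requiring a DN for this certificate.
"""
KEYGEN = "DN used at the time of key generation is:"
NEWDN = "New DN in the certificate to be added is:"
TRAILER = "Use the new DN"

def rdns(dn):
    """Split a DN into its components (assumes no commas inside values)."""
    return [part.strip() for part in dn.split(",") if part.strip()]

def parse_newdn(text):
    """Return one (key_generation_dn, new_dn) pair per entry in the file."""
    entries, cur, field = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(KEYGEN):          # a new entry begins
            if cur:
                entries.append(cur)
            cur, field = {"keygen": line[len(KEYGEN):], "new": ""}, "keygen"
        elif line.startswith(NEWDN) and cur is not None:
            cur["new"], field = line[len(NEWDN):], "new"
        elif line.startswith(TRAILER):       # closing sentence, not DN text
            field = None
        elif field and line:                 # wrapped continuation of a DN
            cur[field] += " " + line
    if cur:
        entries.append(cur)
    return [(", ".join(rdns(e["keygen"])), ", ".join(rdns(e["new"])))
            for e in entries]

def dn_changes(keygen_dn, new_dn):
    """Return (added, removed) components; Counter keeps repeated OUs apart."""
    old, new = Counter(rdns(keygen_dn)), Counter(rdns(new_dn))
    return sorted((new - old).elements()), sorted((old - new).elements())

if __name__ == "__main__":
    for keygen_dn, new_dn in parse_newdn(SAMPLE):
        added, removed = dn_changes(keygen_dn, new_dn)
        print("DN to use from now on:", new_dn)
        print("added by the CA:", added, "| no longer present:", removed)
```

For the sample, only the CN survives unchanged; every other component was replaced by the issuing CA, which is the case the text describes.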










