iTP Secure WebServer System Administrators Guide (Version 7.5+)
Storing unencrypted private keys in disk files is not recommended.
Do not use -nocrypt with the -crypt or -encode options.
If the key-file does not exist, you are prompted to create the file. If the key-file already
exists, it is overwritten.
If the specified DN does not exist in the key database file, an error message is displayed.
The following examples illustrate the export options:
./keyadmin -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US' \
-encode DER -crypt 3DES
./keyadmin -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US' \
-encode PEM -crypt AES256
./keyadmin -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US'
./keyadmin -keydb demo.db -exportpriv priv.key -dn \
'CN=www.hp.com, L=Cupertino, O=HP, OU=NED, C=US' -nocrypt
Generating Diffie-Hellman Parameters
You can use the -dhparams option in the Keyadmin utility to generate Diffie-Hellman parameters.
This option can:
• Generate Diffie-Hellman parameters of different sizes and store them in the specified file.
• Overwrite a previous parameter file with new parameters.
To generate the Diffie-Hellman parameters, use the following keyadmin command:
bin/keyadmin -dhparams [-out filename] [-length paramsize] [-overwrite]
The command’s arguments have these functions:
-out filename
specifies the output file in which the parameters are stored. If the file you specify does not exist,
keyadmin creates it and notifies you that a new file was created.
-length paramsize
specifies that the parameter set generated must be of parameter size paramsize. The default
value of paramsize is 1024 bits. The minimum value of paramsize is 512 bits. The maximum
value of paramsize is 4096 bits.
-overwrite
specifies that you want to overwrite the existing file.
NOTE: The parameters generated by keyadmin are Privacy Enhanced Mail (PEM) encoded.
PEM encoded Diffie-Hellman parameters use the header and footer lines:
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
iTP Secure WebServer supports only the PKCS#3 formatted structure.
For example, to generate Diffie-Hellman parameters with the output filename dh_params and a parameter
size of 1024 bits, the syntax is:
bin/keyadmin -dhparams -out dh_params -length 1024
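As an added check (example code written for this page, not part of the manual or of the keyadmin utility), the following Python parser verifies that a file written by -dhparams carries the DH PARAMETERS header and footer shown above, decodes as a PKCS#3 DHParameter SEQUENCE, and has a prime whose size lies within the documented 512 to 4096 bit range. The sample PEM is constructed inline; the encoder exists only to build it.

```python
import base64, re

# Added example, not from the iTP manual: validate a PEM file written by "keyadmin -dhparams".
# PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, privateValueLength INTEGER OPTIONAL }
HEADER = "-----BEGIN DH PARAMETERS-----"
FOOTER = "-----END DH PARAMETERS-----"

def _der_len(n):  # DER length octets: short form below 128, else minimal long form
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(v):  # DER INTEGER; the extra byte of room keeps the high bit clear (positive)
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body

def encode_dh_params_pem(p, g):  # build a PKCS#3 DHParameter PEM (used to construct the sample)
    content = _der_int(p) + _der_int(g)
    b64 = base64.b64encode(b"\x30" + _der_len(len(content)) + content).decode()
    return "\n".join([HEADER, *(b64[i:i + 64] for i in range(0, len(b64), 64)), FOOTER]) + "\n"

def _read_tlv(buf, pos, tag):  # one DER TLV of the expected tag -> (value, position after it)
    if pos >= len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + n], pos + n

def parse_dh_params_pem(text):
    """Return (p, g) from the DH PARAMETERS block; any other PEM type is rejected."""
    m = re.search(re.escape(HEADER) + r"(.*?)" + re.escape(FOOTER), text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after DHParameter SEQUENCE")
    p_bytes, pos = _read_tlv(seq, 0, 0x02)
    g_bytes, _ = _read_tlv(seq, pos, 0x02)  # privateValueLength, if present, is ignored
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def check_dh_params(text, min_bits=512, max_bits=4096):  # PKCS#3 and p within -length range
    p, g = parse_dh_params_pem(text)
    return min_bits <= p.bit_length() <= max_bits and p % 2 == 1 and 1 < g < p

# Constructed sample: a 1024-bit odd value with g=2 (structure demo only; not a vetted prime)
SAMPLE_PEM = encode_dh_params_pem((1 << 1023) | 0x1234567 | 1, 2)
```

To check a real file, pass the contents of the dh_params file produced by keyadmin to check_dh_params; a False result or a ValueError means the file is not a usable PKCS#3 parameter set.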