3.3.6 hwskeygen

Synopsis

hwskeygen -rand file-name[:file-name]... [-des|-des3] -out key-file
    [-bits {512|1024|2048|4096}]

Storage location

Application Server installation directory/httpsd/sbin

Function

This subsection describes how to use the hwskeygen command to create a private key for the Web server. The created Web server private key file is specified in the SSLCertificateKeyFile directive.

Execution permission

Superuser

Arguments

-rand file-name[:file-name]...

Specify any file to be used for random number generation. You must specify an appropriate file whose size is large enough for the random number generation.

-des|-des3

Specify the encryption type when encrypting the private key. If you specify this parameter, you will be requested to enter a password when creating the private key. The password must be no more than 64 characters long. When creating the Certificate Signing Request (CSR) (hwscertutil reqgen command) and starting the Web server, you will also be requested to enter the password.

Note that you can skip the password entry for Web server startup. To skip the password entry, specify the SSLCertificateKeyFile directive in which you specified the server private key file and the SSLCertificateKeyPassword directive in which you specified the password file to httpsd.conf. You can create a password file by using the sslpasswd command.

If -des is specified, the Data Encryption Standard (DES) is selected as the encryption type. If -des3 is specified, Triple DES is selected. This parameter does not affect the encryption type used in the communication between the Web server and the Web browser.

-out key-file

Specify the file to which the Web server private key is output.

-bits {512|1024|2048|4096}

Specify the bit length of the Web server private key.

The following values can be specified:

• 512

• 1024

• 2048

• 4096

Default value: 1024

Exit Status