Open a cryptographic token using the key management utility (iKeyman)

 

+

Search Tips   |   Advanced Search

 

Before you begin

Verify that your cryptographic token device is installed and functions properly. Create a cryptographic token, following the instructions provided by the manual of the cryptographic device.

From your cryptographic token device documentation, identify the token library. For example, the IBM 4758 PCI Cryptographic Card uses CRYPTOKI.DLL as the PKCS#11-type token library

...for further information about using the key management utility (iKeyman).

To use iKeyMan for key management with a cryptographic token device, edit...

${WAS_INSTALL_ROOT}/java/jre/lib/security/java.security

...and uncomment the line containing...

com.ibm.crypto.pkcs11.provider.IBMPKCS11

 

Overview

Use the key management utility to open a cryptographic token. Once opened, one can manage your keys and certificates just like you do with keystore and truststore files:

• Create a self-signed digital certificate

• Extract or add both certificate authority (CA) roots and personal certificate signer certificates

• Request and receive a digital certificate from a CA

 

Procedure

1. Start the key management utility, if it is not already running.

2. Click Key DataBase File > Open.

3. Click Cryptographic Token from the list of key database types.

4. Fill in the information for File Name and Location, or browse for the cryptographic device library.

5. Click OK to open the library.

6. Type in the slot number in the next panel. This is the number of the slot in which you previously created the cryptographic token.

7. Enter the password. This is the password configured for the cryptographic token that you created.

 

Result

All of the personal and signer certificates are stored on the cryptographic token card. With the token open, one can create or request digital certificates and receive CA-signed certificates.

 

What to do next

Use a cryptographic token device as a key database to manage keys and certificates for an SSL connection. Once the cryptographic token is open, one can add or delete keys and certificates. Configure the cryptographic token settings in WebSphere Application Server.

---

 

Related Tasks

Configuring to use cryptographic tokens
Manage digital certificates

 

See Also

Cryptographic token support

 

---