Manage keys with the iKeyman graphical interface (Distributed systems)

Manage keys with the iKeyman graphical interface (Distributed systems)

This section describes topics on how to set up and use the Key Management utility (iKeyman) with IBM HTTP Server. Using the graphical interface, rather than the command line interface, is recommended.

Overview
To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on our server.
Use iKeyman for configuration tasks that are related to public and private key creation and management. We cannot use iKeyman for configuration options that update the httpd.conf configuration file.

Procedure

Use iKeyman to create key databases, public and private key pairs, and certificate requests.

If we act as our own CA, we can use iKeyman to create self-signed certificates.

If we act as our own CA for a private Web network, we have the option to use the server CA utility to generate and issue signed certificates to clients and servers in our private network.

Sub-topics

Setting our system environment for using iKeyman

Start the Key Management utility user interface

Work with key databases

Guidelines for setting the database password

Change the database password

Creating a new key pair and certificate request

Importing and exporting keys

Listing certificate authorities

Certificate expiration dates

Creating a self-signed certificate

Receiving a signed certificate from a certificate authority

Displaying default keys and certificate authorities

Storing a certificate authority certificate

Storing the encrypted database password in a stash file

Related tasks

Use iKeyman to store keys on a PKCS11 device