Manage keys with the iKeyman graphical interface (Distributed systems)
This section describes topics on how to set up and use the Key Management utility (iKeyman) with IBM HTTP Server. Using the graphical interface, rather than the command line interface, is recommended.
Overview
To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on our server.Use iKeyman for configuration tasks that are related to public and private key creation and management. We cannot use iKeyman for configuration options that update the httpd.conf configuration file.
Procedure
- Use iKeyman to create key databases, public and private key pairs, and certificate requests.
- If we act as our own CA, we can use iKeyman to create self-signed certificates.
- If we act as our own CA for a private Web network, we have the option to use the server CA utility to generate and issue signed certificates to clients and servers in our private network.
Sub-topics
Setting our system environment for using iKeyman
Start the Key Management utility user interface
Work with key databases
Guidelines for setting the database password
Change the database password
Creating a new key pair and certificate request
Importing and exporting keys
Listing certificate authorities
Certificate expiration dates
Creating a self-signed certificate
Receiving a signed certificate from a certificate authority
Displaying default keys and certificate authorities
Storing a certificate authority certificate
Storing the encrypted database password in a stash file
Related tasks
Use iKeyman to store keys on a PKCS11 device