Create a key database file
Use the gskkyman utility to create a key database file.
Steps
- Start the gskkyman utility from a shell prompt (OMVS or rlogin session) as follows:
$ gskkyman
- Enter option 1 to create a new key database file.
- Type a key database name or accept the default key.kdb.
- Press Enter
- Create a password to protect the key database.
- Enter the database password for verification.
- Type a password expiration interval in days or accept the default (no expiration date).
- Type a database record length or accept the default 2500.
The key database is created and a message is displayed indicating the success or failure of this operation
- From the Key Management menu, select option 6 to create a self-signed server certificate and follow the prompts.
- After the certificate is created, we must extract this certificate so it can be sent to the LDAP client system and added as a trusted CA certificate. To do so, follow these steps:
- Select option 1 to manage keys and certificates.
- From the Key and Certificate List, enter the label number of the certificate to be exported.
- From the Key and Certificate menu, enter option 6to export the certificate to a file.
- From the Export File Format dialog, select the export format. For example, select option 1 to export to Binary ASN.1 DER.
- Enter the export file name.
The certificate is exported. We now transfer the exported file to the LDAP client system and add it as a trusted CA certificate. Since the file format of binary DER is specified on the export, this same file type must be specified to the gsk7ikm utility on the LDAP client system during the Add operation.
Parent topic: Configure IBM Security Directory Server for z/OS for SSL access