Working with key databases

This topic describes how to create a new key database and open an existing key database.


About this task

A key database is a file that the server uses to store one or more key pairs and certificates. You can use one key database for all your key pairs and certificates, or create multiple databases.


Procedure

  • Create a new key database as follows:

    1. Start the IKEYMAN user interface. Refer to Start the Key Management utility for platform-specific instructions.

    2. Click Key Database File from the main user interface, then click New. Select CMS for the Key database type. IBM HTTP Server does not support database types other than CMS.

    3. Enter your password in the Password Prompt dialog box, and confirm the password. Select Stash the password to a file. Click OK. The new key database should display in the IKEYMAN utility with default signer certificates. Ensure that there is a functional, non-expiring signer certificate for each of your personal certificates.

  • Open an existing key database as follows:

    1. Start the IKEYMAN user interface.

    2. Click Key Database File from the main UI, then click Open.

    3. In the Open dialog box, enter your key database name, or click the key.kdb file, if you use the default. Click OK.

    4. Enter your correct password in the Password Prompt dialog box, and click OK.

    5. The key database name is displayed in the File Name text box.
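
Selecting Stash the password to a file in step 3 of the create procedure lets the server open the key database without a prompt, so read access to the database and its stash file should be limited to the server's account. The following shell check is an added example, not part of the IBM documentation; it assumes the stash file sits beside the database with a .sth extension (key.kdb, key.sth) and an owner-only permission policy.

```shell
#!/bin/sh
# Added example: audit permissions on a CMS key database and its stash file.
# Assumptions: stash file is <name>.sth beside <name>.kdb; policy is owner-only
# access (relax the check if your server's run-as group needs read access).

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file grants nothing to group or other, 1 if it does,
# 2 if the file is missing or its mode cannot be read.
owner_only() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    # The last two octal digits are the group and other permission sets.
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Audit one key database: print a line per finding and
# return the number of findings (0 means clean).
audit_keydb() {
    kdb=$1
    sth="${kdb%.kdb}.sth"
    findings=0
    for f in "$kdb" "$sth"; do
        st=0
        owner_only "$f" || st=$?
        case "$st" in
            0) ;;
            1) echo "FAIL    $f: mode $(file_mode "$f") grants group/other access"
               findings=$((findings + 1)) ;;
            *) echo "MISSING $f"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Run against the path given on the command line, if any.
[ $# -eq 0 ] || audit_keydb "$1"
```

A MISSING line for the .sth file means the password was not stashed next to the database; tighten any FAIL with chmod 600 on the reported file.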


What to do next

You can add a default list of signer certificates to your new database using the following instructions. The version of iKeyman that is provided by the bundled Java Runtime Environment (JRE) does not add a default list of signer certificates to newly created key databases. Add default signer certificates in iKeyman, as follows:

  1. Select Signer Certificates from the drop-down menu in the iKeyman window.

  2. Click Populate.

  3. Click the grey boxes next to the certificate authority names (Entrust, RSA Data Security, Thawte, Verisign) so they display as checked.

  4. Click OK.