Create a new key database using the command-line interface
A key database is a file that the server uses to store one or more key pairs and certificates. We can use one key database for all of our key pairs and certificates, or create multiple databases.
Overview
We can create multiple databases if we prefer to keep certificates in separate databases.
Procedure
- Create a new key database using the IKEYCMD command-line interface by entering the following command (as one line):
gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms | jks | jceks | pkcs12> -expire <days> -stash
...where:
- -db <filename> is the name of the database.
- -expire <days> is the number of days before the password expires. This parameter is only valid for CMS key databases.
- -keydb specifies that the command is for the key database.
- -pw <password> is the password to access the key database.
- -type <cms | jks | jceks | pkcs12> is the database type.
IBM HTTP Server only handles a CMS key database.
- -stash stashes the password for the key database. When the -stash option is specified during the key database creation, the password is stashed in a file with a filename built as follows:
<filename_of_key_database>.sth
This parameter is only valid for CMS key databases. For example, if the database being created is named keydb.kdb, the stash filename is keydb.sth.
Stashing the password is required for IBM HTTP Server.
- Create a new key database using the GSKCapiCmd tool. GSKCapiCmd is a tool that manages keys, certificates, and certificate requests within a CMS key database. The tool has all of the functionality that the existing GSKit Java command line tool has, except GSKCapiCmd supports CMS and PKCS11 key databases. If we plan to manage key databases other than CMS or PKCS11, use the existing Java tool. We can use GSKCapiCmd to manage all aspects of a CMS key database. GSKCapiCmd does not require Java to be installed on the system.
gsk7capicmd -keydb -create -db <name> [-pw <passwd>] [-type <cms>] [-expire <days>] [-stash] [-fips] [-strong]
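A post-creation check for the files this procedure produces, as an added example that is not part of the original page or of IBM's tooling: it derives the stash filename as described above (keydb.kdb gives keydb.sth) and reports a missing stash file or group/other access to either file. The function names, the .kdb-only handling and the owner-only permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM code): verify a CMS key database and its stash file.
# Usage after sourcing or pasting: check_keydb /path/to/keydb.kdb
# Assumption: both files should be readable by their owner only, because the
# stash file lets anyone who can read it open the key database.

# stash_path KEYDB: print the stash filename, built as the page describes
# (keydb.kdb -> keydb.sth). Assumes the .kdb extension used in the page's example.
stash_path() {
    case "$1" in
        *.kdb) printf '%s.sth\n' "${1%.kdb}" ;;
        *)     return 1 ;;
    esac
}

# owner_only FILE: succeed only if group and other have no permission bits.
# Reads characters 5-10 of the ls mode string (e.g. "-rw-------").
owner_only() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_keydb KEYDB: print one finding per problem.
# Returns 0 if clean, 1 if any finding, 2 if KEYDB is not a .kdb file.
check_keydb() {
    kdb=$1
    rc=0
    sth=$(stash_path "$kdb") || { echo "not a .kdb file: $kdb"; return 2; }
    [ -f "$kdb" ] || { echo "missing key database: $kdb"; rc=1; }
    [ -f "$sth" ] || { echo "missing stash file: $sth (create with -stash)"; rc=1; }
    for f in "$kdb" "$sth"; do
        [ -f "$f" ] || continue
        owner_only "$f" || { echo "group/other access on: $f"; rc=1; }
    done
    return $rc
}
```
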
Related concepts
Manage keys with the IKEYCMD command line interface (Distributed systems)