Adding client certificates to a server keystore

Edit online

If the API communicates with several Collector Server instances, you must register the client certificates that were created on one Collector Server instance with the server keystore on the other Collector Server instances.

Read syntax diagramSkip visual syntax diagram client_key_gen.sh1client_key_gen.bat2  -add  -sdbserver_keystore_path  -ppassword  -ccertclient_certificate_path  -clnew_certificate_label
Notes:
  • 1 On Linux® and UNIX systems
  • 2 On Windows

Parameters

-sdb server_keystore_path
Specifies the relative path with file name of the server keystore to which the client certificate is to be added.
-p password
Specifies the password of the server keystore.
-ccert client_certificate_path
Specifies the relative path with file name of the client certificate that is to be added.
-cl new_certificate_label
Specifies the new label for the client certificate. Specify a label that is unique in the server keystore to which the client certificate is to be added.

Examples

The following example is based on the following assumptions:
  • You issue the command on Windows from the C: directory.
  • The fully qualified file name of the server keystore is
    C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\instance1\security\server_clients\server\server.kdb.
  • The server keystore is encrypted with the password secure.
  • The client certificate that is to be added is in the C:\security directory. Its name is:
    clientcert_1.crl.
  • The client certificate must receive the following new label:
    clientcert_new
client_key_gen.bat -add -sdb Users\iccsapadmin\AppData\Roaming\IBM\iccsap\
instance1\security\server_clients\server\server.kdb -p secure
-ccert security\clientcert_1.crl -cl clientcert_new