Creating the keystores
Create the server keystore and the client keystores.
Procedure
- Open a command line and change to the directory where the folders for the keystores are to be stored.
Tip: It is good practice to create the folders in a subdirectory of the instance directory. For example, create it in the following path:

/home/iccsapadmin/instance1/security/server_clients
C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\instance1\security\server_clients
- Enter the following command:

client_key_gen.sh -c -p password -n number_clients
client_key_gen.bat -c -p password -n number_clients
password stands for the password of the server keystore. number_clients stands for the number of client keystores that are to be created.
Create as many client keystores as you need certificates:
  - If the system with the API is used by several users and if each user must have their own certificate, create as many client keystores as there are users.
  - If you want to organize the users in groups, where each group is to share one certificate, create one client keystore for each group.
For example, to create the server keystore and two client keystores and to encrypt the server keystore with the password secure, enter the following command.

client_key_gen.sh -c -p secure -n 2

In the directory where you entered the command, the following folders are created: server, client_1, and client_2. The name of the server keystore is server.kdb. The names of the client keystores are client_1.kdb and client_2.kdb. The server keystore contains the certificates clientcert_1.crl and clientcert_2.crl. The client keystores contain the certificate servercert.crl. The server keystore is encrypted with the password secure.
- At any time, you can add more client keystores.
Enter the following command:

client_key_gen.sh -p password -n number_clients -i n+1_clients
client_key_gen.bat -p password -n number_clients -i n+1_clients
password stands for the password of the server keystore. number_clients stands for the number of client keystores that must be added. n+1_clients stands for the start number for the client keystores that are to be added.
For example, to add another client keystore to two existing client keystores, you would enter the following command on a Linux® or UNIX system:

client_key_gen.sh -p secure -n 1 -i 3

The additional folder client_3 is created.
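
The following shell functions are an added example, not part of the product or its documentation: they derive the start number for -i from the existing client_N folders and check that the keystores described above exist and are not accessible to group or others. The function names are hypothetical, and the code assumes that each .kdb file sits directly inside its folder (for example server/server.kdb).

```shell
#!/bin/sh
# Added example: sanity checks for the keystore folder layout described above.
# Assumption: each keystore file sits directly inside its folder
# (server/server.kdb, client_1/client_1.kdb, ...).

# Print the start number to pass to -i when adding client keystores:
# one more than the highest existing client_N folder (1 if none exist).
next_client_index() {
    dir=$1
    max=0
    for d in "$dir"/client_*; do
        [ -d "$d" ] || continue
        n=${d##*/client_}
        case $n in ''|*[!0-9]*) continue ;; esac   # skip non-numeric suffixes
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    echo $((max + 1))
}

# Check that server.kdb and client_1.kdb .. client_N.kdb exist and that no
# keystore file grants read or write access to group or others.
# Prints one line per finding; returns 0 only when there are no findings.
check_keystores() {
    dir=$1
    count=$2
    findings=0
    i=0
    while [ "$i" -le "$count" ]; do
        if [ "$i" -eq 0 ]; then f="$dir/server/server.kdb"
        else f="$dir/client_$i/client_$i.kdb"; fi
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1))
        elif [ -n "$(find "$f" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))" ]; then
            echo "EXPOSED  $f (group/other access; consider chmod 600)"
            findings=$((findings + 1))
        fi
        i=$((i + 1))
    done
    [ "$findings" -eq 0 ]
}
```

Run check_keystores with the directory in which the command was entered and the number of client keystores, for example check_keystores . 2 after the first example above.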