To ensure secure storage of private keys and certificates, you need to use a keystore. You can use the IBM® Global Security Kit (GSKit) to create a PKCS#12 keystore (with the .p12 extension) or a CMS keystore (with the .kdb extension).
Certificate Management System (CMS) is the native GSKit keystore, containing:
- X.509 certificates.
- Certificate requests (pending signing by an authority).
- Private keys for the stored certificates where applicable.
Note: Private keys cannot be stored without an associated certificate.