Keystores

To ensure secure storage of private keys and certificates, you need to use a keystore. You can use the IBM® Global Security Kit (GSKit) to create a PKCS#12 keystore (with the .p12 extension) or a CMS keystore (with the .kdb extension).

Certificate Management System (CMS) is the native IBM Global Security Kit (GSKit) keystore, containing:

X.509 certificates.
Certificate requests (pending signing by an authority).
Private keys for the stored certificates where applicable.

If a certificate has an associated private key, it is stored in an encrypted state in the keystore with its associated certificate.

Note: Private keys cannot be stored without an associated certificate.