mkkeyserver
Use the mkkeyserver command to create a key server object.
Syntax
Parameters
- -ip ip_address_or_domain_name
- (Required) Specifies the key server's IP address or domain name. This must be a valid IPv4 or IPv6 address or a fully qualified domain name. IPv6 addresses can be zero compressed. If you specify a fully qualified domain name, a DNS server must be configured on your system. You can use the mkdnsserver command to configure DNS servers.
- -port port
- (Optional) Specifies the key server's TCP/IP port. The value must be a number 1 - 65535. The default value is the same as the default port used for key servers of the currently enabled type.
- -sslcert certificate_file
- (Optional) Specifies the key server's internally-signed certificate. The value must be a file path string.
- -name
- (Optional) Specifies the key server object name. The value must be an alphanumeric string.
- -primary
- (Optional) Specifies the primary key server.
Description
This command creates a key server object.
The primary key server object is created by specifying -primary. If key management is enabled, you must use the primary key server object to create keys.
Note: When a primary key server is configured, that key server must be defined before a rekey operation occurs. A primary object (such as a server) can be configured at any time when a defined primary server is present.
When you create keys, the system uses the key server that is configured as the primary key server. For multi-primary key server configurations, any key server can be selected as the primary. A rekey operation without a defined primary key server fails.
When a key server object is created, it is automatically validated. If the validation is not successful, the command fails and an error message is displayed.
An invocation example
mkkeyserver -ip servername.example.com -sslcert /tmp/isklm_public_server_cert.pem -primary
The resulting output:
Key Server, id [0], successfully created
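A pre-flight check for the parameter rules listed above, run on an administration host before the command is sent to the system. This is an added example, not part of the product or its documentation; the function names classify_host and build_mkkeyserver are hypothetical, and the FQDN test is a conservative assumption about what "fully qualified" means.

```python
import ipaddress
import re
import shlex

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_host(value):
    """Return 'ipv4', 'ipv6' or 'fqdn' for an acceptable -ip value."""
    if not isinstance(value, str):
        raise ValueError("-ip must be a string")
    try:
        # ip_address() accepts zero-compressed IPv6 such as 2001:db8::1
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    # Assumption: "fully qualified" means two or more labels and a non-numeric
    # last label, which also rejects malformed dotted quads like 999.1.1.1.
    if (len(value) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels)):
        return "fqdn"
    raise ValueError("-ip must be an IPv4/IPv6 address or an FQDN: %r" % value)

def build_mkkeyserver(ip, port=None, sslcert=None, name=None, primary=False):
    """Return (argv, warnings); raise ValueError on a value the page rules out."""
    warnings = []
    if classify_host(ip) == "fqdn":
        warnings.append("FQDN used: a DNS server must be configured (mkdnsserver)")
    argv = ["mkkeyserver", "-ip", ip]
    if port is not None:
        if type(port) is not int or not 1 <= port <= 65535:
            raise ValueError("-port must be a number 1 - 65535")
        argv += ["-port", str(port)]
    if sslcert is not None:
        # Not checked for existence here: the file has to exist where mkkeyserver runs.
        if not isinstance(sslcert, str) or not sslcert.strip():
            raise ValueError("-sslcert must be a file path string")
        argv += ["-sslcert", sslcert]
    if name is not None:
        if not (isinstance(name, str) and name.isascii() and name.isalnum()):
            raise ValueError("-name must be an alphanumeric string")
        argv += ["-name", name]
    if primary:
        argv.append("-primary")
    return argv, warnings

if __name__ == "__main__":
    argv, notes = build_mkkeyserver("servername.example.com", primary=True,
                                    sslcert="/tmp/isklm_public_server_cert.pem")
    print(shlex.join(argv), notes)
```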