mkkeyserver

Use the mkkeyserver command to create a key server object.

Syntax

Read syntax diagramSkip visual syntax diagram mkkeyserver -ipip_address_or_domain_name-portport-sslcertcertificate_file-name-primary

Parameters

-ip ip_address_or_domain_name
(Required) Specifies the key server's IP address or domain name. This must be a valid IPv4 or IPv6 address or a fully qualified domain name. IPv6 addresses can be zero compressed. If you specify a fully qualified domain name, a DNS server must be configured on your system. You can use the mkdnsserver command to configure DNS servers.
-port port
(Optional) Specifies the key server's TCP/IP port. The value must be a number 1 - 65535. The default value is the same as the default port used for key servers of the currently enabled type.
-sslcert certificate_file
(Optional) Specifies the key server's internally-signed certificate. The value must be a file path string.
-name
(Optional) Specifies the key server object name. The value must be an alphanumeric string.
-primary
(Optional) Specifies the primary key server.

Description

This command creates a key server object.

The primary key server object is created by specifying -primary. If key management is enabled, you must use the primary key server object to create keys.

Note: When a primary key server is configured, that key server must be defined before a rekey operation occurs. A primary object (such as a server) can be configured at any time when a defined primary server is present. When you create keys, the system uses the key server that is configured as the primary key server. For multi-primary key server configurations, any key server can be selected as the primary. A rekey operation without a defined primary key server fails.

When a key server object is created, it is automatically validated. If the validation is not successful, the command fails and an error message is displayed.

An invocation example

mkkeyserver -ip servername.example.com -sslcert /tmp/isklm_public_server_cert.pem -primary

The resulting output:

Key Server, id [0], successfully created