Creating a new key database
A key database is a file that the server uses to store one or more key pairs and certificates. This is required to enable secure connections between the Host On-Demand server and clients. Before configuring TLS communication, you need to create the HODServerKeyDb.kdb key database file in your_install_directory\bin for Windows and your_install_directory/bin for AIX. This file is not shipped with Host On-Demand, so you need to create it after the first install.
java com.ibm.gsk.ikeyman.ikeycmd -keydb -create-db your_install_directory\bin\HODServerKeyDb.kdb-pw <password> -type cms -expire <days> -stashNote the following descriptions:
- <password>: Password is required for each key database operation. Even though a database of the type sslight requires a specified password, the password can be a NULL string (specified as "").
- -type: the HODServerKeyDb.kdb used by the Host On-Demand server is of the type CMS.
- -expire: Days before the password expires.
- If you do not set this parameter, then the password does not expire.
- WARNING: If you set this parameter, and if you are using the key database with the Redirector, be aware that the Redirector fails to run after the password expires. When the Redirector fails, the error message from the Redirector does not state that the password of the key database has expired.
- -stash: Stashes password for key database. Stashing the password
is required for the IBM HTTP Server and the Host On-Demand
server.
When the -stash option is specified during the key database creation, the password is stashed in a file with the filename HODServerKeyDb.sth
Once the HODServerKeyDb.kdb file has been created, it holds all the security information needed by the Host On-Demand server. Any additions or changes are made to the existing HODServerKeyDb.kdb key database file.
 |
Whenever you create or make changes to the HODServerKeyDb.kdb file, you need to stop and restart the Host On-Demand Service Manager. |