Making server certificates available to clients

All the certificates in the HODServerKeyDb.kdb are available to the Host On-Demand server. However, in some of the configurations, one of these certificates must also be made available to the clients that access the server. In the cases where your server uses a certificate from an unknown CA, the root of that certificate must be made available to the client. If your server uses a self-signed certificate, then a copy of that certificate must be made available to the clients.

For Host On-Demand downloaded and cached clients, this is done by extracting the certificate to a temporary file and creating or updating a file named CustomizedCAs.p12, which should be present in the Host On-Demand publish directory.

To create the CustomizedCAs.p12 file for downloaded or cached clients, enter the following command: 
java com.ibm.gsk.ikeyman -keydb -create -db
CustomizedCAs.p12 -pw hod -type pkcs12

The default password is hod.

Parent topic: Using the IKEYCMD command-line interface