Setting up an SSL-protected network

To set up SSL connections between your clients and servers, you need a trusted signer certificate and a server certificate that is signed by the trusted signer. Use the nc_gskcmd command-line utility or the IBM® Key Management (iKeyman) graphical tool to manage these keys and digital certificates.

About this task

Important: If you run Tivoli Netcool/OMNIbus in FIPS 140-2 mode, use only the nc_gskcmd utility. Also, use nc_gskcmd for networks that include Java-based clients. Do not use iKeyman for either of these scenarios.

Both utilities use a Certificate Management System (CMS) key database to store digital certificates and keys. The key database needs a password to protect private keys, which are used to sign documents and to decrypt messages that are encrypted with public keys.

In a key database, digital certificates from CAs are stored as signer certificates. Any self-signed certificates that are created, or any server certificates that are received from issuing CAs in response to a certificate request, are stored as personal certificates.