[AIX Solaris HP-UX Linux Windows]

Creating a new key database using the command-line interface

A key database is a file that the server uses to store one or more key pairs and certificates. You can use one key database for all your key pairs and certificates, or create multiple databases.

About this task

You can create multiple databases if you prefer to keep certificates in separate databases.

Procedure

  • Create a new key database using the gskcmd command-line interface by entering the following command (as one line):
    install_root/bin/gskcmd -keydb -create -db filename [-pw password | -stashed] -stash
    where:
    • -db filename is the name of the database.
    • -keydb Specifies the command is for the key database.
    • -pw password is the password to access the key database.
    • -stashed indicates that the password for the key database should be recovered from the stash file.
    • -stash stashes the password for the key database. When the -stash option is specified during the key database creation, the password is stashed in a file with a filename built as follows:
      <filename_of_key_database>.sth 
      This parameter is only valid for CMS key databases. For example, if the database being created is named keydb.kdb, the stash filename is keydb.sth. Note: Stashing the password is required for IBM® HTTP Server.
  • Create a new key database using the GSKCapiCmd tool.
    GSKCapiCmd is a tool that manages keys, certificates, and certificate requests within a CMS key database. The tool has all of the functionality that the existing IBM Global Security Kit (GSKit) Java™ command line tool has, except GSKCapiCmd supports CMS and PKCS11 key databases. If you plan to manage key databases other than CMS or PKCS11, use the existing Java tool. You can use GSKCapiCmd to manage all aspects of a CMS key database. GSKCapiCmd does not require Java to be installed on the system.
    install_root/bin/gskcapicmd -keydb -create -db name 
    [-pw password | -stashed] [-stash] [-fips] [-strong]