Creating HTTP server keys

This topic describes how to create IBM® HTTP Server (IHS) keys using the IBM HTTP Server Key Management utility.

About this task

The IHS key file stores certificates used by the IBM HTTP Server.

The following variable is used in path names in this topic:

RATIONAL_COMMON: Directory where Rational common files are installed

To create IHS keys by using the IBM HTTP Server Key Management utility:

Procedure

Stop the IBM HTTP Server if it is currently running. See Starting, stopping, and restarting CM Server.
Start the IBM HTTP Server Key Management utility:
- On Windows®, click Start > Programs > IBM HTTP Server 6.1 > Start Key Management Utility.
- On the UNIX® system and Linux, navigate to the directory $RATIONAL_COMMON/IHS/bin and issue the following command to run the IBM Key Management utility:
  ./ikeyman
The resulting keystore file, ikey.kdb, and stash file, ikey.sth, are placed in the directory %RATIONAL_COMMON\IHS\bin on Windows and $RATIONAL_COMMON/IHS/bin on the UNIX system and Linux.
Click Key Database File > New and enter the following information:
- For Key Database Type, enter CMS key database file
- For Location, enter one of the following path specifications based on your operating system:
  - On Windows, enter drive:%RATIONAL_COMMON%\IHS\.
  - On the UNIX system and Linux, enter $RATIONAL_COMMON/IHS/.
Then click OK.
Enter key.kdb as the new keystore file name.
At the password prompt, enter a password and confirm it. The password protects the keystore file.
Note: Optionally, you can set a password expiration time in days. For example, if you enter 365, a new password must be created after 365 days.
Select Stash the password to a file. When you select this option, the HTTP Server has access to the certificates contained in the keystore file by using the password.
Click OK.
Restart the IBM HTTP Server. See Starting, stopping, and restarting CM Server.