Using iKeyman to create a Key Database file
 Technote (troubleshooting)
 
Problem(Abstract)
Instructions for using the iKeyman utility to create a Key Database file for IBM® HTTP Server.
 
Resolving the problem
For information about using the iKeyman utility please visit our online documentation at the following URL: (Section: How to-->use IKEYMAN)
http://www.ibm.com/software/webservers/httpservers/doc/v1312/ibm/2tabcontents.htm


How do I create a Key Database File(.kdb) using iKeyman?
  1. Open the IKEYMAN utility (From Microsoft® Windows®, click Start > Programs > IBM HTTP Server > Start Key Management Utility.
  2. From the Menu Bar select Key Database File > New.
  3. Enter a file name for the new Key Database file you are creating.
  4. Enter a Location for the location on the hard drive where you want to store the .kdb file. On Windows, this is usually the /IBM Http Server/ssl directory.
  5. Click OK.



    After saving the key database file to the location specified, you are prompted to enter a password. This is the password that will be used to open the key database file in iKeyman in the future.
  6. Click to enable the checkbox Stash the password to a file? This encrypts the password and saves the file as a .sth file in the same directory as the key database file.


  7. Click OK.

How do I create a new "Certificate Request" to send to a CA (ex. Verisign)?

A. Open the Key Database File(.kdb) using the IKEYMAN utility

B. In the middle of the IKEYMAN GUI you will see a section called "Key database content"



C. Click on the "down arrow" to the right, to display a list of three choices

D. Select "Personal Certificate Requests"



E. From the "Personal Certificate Requests" section, click the "New" button



F. Key Label= (The name you want to give the certificate to identify it in IKEYMAN)
Note: Using the SiteName (ex. www.robo.com) as the label is a good practice



G. Key Size= (1024 for 128bit, 512 for 56bit)



H. Common Name= (SiteName, ex. www.robo.com)
Note: This is the name that the CA will register, so it is important it matches the actual SiteName

I. Organization= (Company Name)

J. "Enter the name of a file in which to store the certificate request"
Note: This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what the CA (ex. Verisign) needs you to provide them.
*Saving this file(.arm) in the same directory as the (.kdb) file is recommended.



K. Once you save the file (.arm) you are done with creating the request



L. You must now choose a CA and follow the CA's instructions for sending them a the "Certificate Request"


How do I receive the Certificate into the Key Database File (.kdb) file after getting it back from the CA?
Note: CAs usually send back an email with the certificate information provided as text in the email.

A. Take the information provided in the email and copy it into a text file. Save the text file with a .cert extension or .arm extension

B. Open the .kdb file using the IKEYMAN utility

C. In the middle of the IKEYMAN GUI you will see a section called "Key database content"

D. Click on the "down arrow" to the right, to display a list of three choices

E.. Select "Personal Certificates"



F. From the "Personal Certificates" section, click the "Receive" button



G. Data Type= (Leave the default of "Base64-encoded ASCII data")



H. Browse to the directory that contains the .cert or .arm file

I. Highlight the file and click Open.



J. Now click OK on this dialog box


 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1006430
IBM Group: Software Group
Modified date: May 31, 2006