|
Problem(Abstract) |
Instructions for using the iKeyman utility to create a Key
Database file for IBM® HTTP Server. |
|
|
|
Resolving the
problem |
For information about using the iKeyman utility please
visit our online documentation at the following URL: (Section: How
to-->use IKEYMAN)
http://www.ibm.com/software/webservers/httpservers/doc/v1312/ibm/2tabcontents.htm
How do I create a Key Database File(.kdb) using iKeyman?
- Open the IKEYMAN utility (From Microsoft® Windows®, click Start
> Programs > IBM HTTP Server > Start Key
Management Utility.
- From the Menu Bar select Key Database File >
New.
- Enter a file name for the new Key Database file you are creating.
- Enter a Location for the location on the hard drive where you want to
store the .kdb file. On Windows, this is usually the /IBM Http
Server/ssl directory.
- Click OK.
After saving the key database file to the location specified, you are
prompted to enter a password. This is the password that will be used to
open the key database file in iKeyman in the future.
- Click to enable the checkbox Stash the password to a file? This
encrypts the password and saves the file as a .sth file in the same
directory as the key database file.
- Click OK.
How do I create a new "Certificate Request" to send to a CA (ex.
Verisign)?
A. Open the Key Database File(.kdb) using the IKEYMAN utility
B. In the middle of the IKEYMAN GUI you will see a section called "Key
database content"
C. Click on the "down arrow" to the right, to display a list of three
choices
D. Select "Personal Certificate Requests"
E. From the "Personal Certificate Requests" section, click the "New"
button
F. Key Label= (The name you want to give the certificate to identify it in
IKEYMAN)
Note: Using the SiteName (ex. www.robo.com) as the label is a good
practice
G. Key Size= (1024 for 128bit, 512 for 56bit)
H. Common Name= (SiteName, ex. www.robo.com)
Note: This is the name that the CA will register, so it is important it
matches the actual SiteName
I. Organization= (Company Name)
J. "Enter the name of a file in which to store the certificate request"
Note: This is the file (.arm) that will contain your request. It is a
simple text file that can be opened in any text editor. The information
contained in this file is what the CA (ex. Verisign) needs you to provide
them.
*Saving this file(.arm) in the same directory as the (.kdb) file is
recommended.
K. Once you save the file (.arm) you are done with creating the request
L. You must now choose a CA and follow the CA's instructions for sending
them a the "Certificate Request"
How do I receive the Certificate into the Key Database File (.kdb)
file after getting it back from the CA?
Note: CAs usually send back an email with the certificate information
provided as text in the email.
A. Take the information provided in the email and copy it into a text
file. Save the text file with a .cert extension or .arm extension
B. Open the .kdb file using the IKEYMAN utility
C. In the middle of the IKEYMAN GUI you will see a section called "Key
database content"
D. Click on the "down arrow" to the right, to display a list of three
choices
E.. Select "Personal Certificates"
F. From the "Personal Certificates" section, click the "Receive" button
G. Data Type= (Leave the default of "Base64-encoded ASCII data")
H. Browse to the directory that contains the .cert or .arm file
I. Highlight the file and click Open.
J. Now click OK on this dialog box
|
|
|
|
|
|
|