This section describes topics on how to set up and use
the key management utility (IKEYMAN) with IBM® HTTP
Server. Using the graphical user interface, rather than the command
line interface, is recommended.
Before you begin
Ensure that the required compat-libstdc++
package exists for your operating system architecture. For more information,
see the installation and verification information for Linux packages.
About this task
Global Security Kit (GSKit) certificate management tools
are installed in the
<ihsinst>/bin/ directory.
These tools should only be run from the installation directory. Examples
for the following commands should include the full directory path,
such as
<ihsinst>/bin/gsk7cmd.
- gsk7ver,
- ikeyman,
- gsk7capicmd
- gsk7cmd.
For IKEYMAN, you can run the following command in the installation
directory to generate debug information.
<ihsinst>/bin/ikeyman -x
To
have a secure network connection, create a key for secure network
communications and receive a certificate from a certificate authority
(CA) that is designated as a trusted CA on your server.
Use
IKEYMAN for configuration tasks that are related to public and private
key creation and management. You cannot use IKEYMAN for configuration
options that update the httpd.conf configuration
file.
Procedure
- Use IKEYMAN to create key databases, public and private
key pairs, and certificate requests.
- If you act as your own CA, you can use IKEYMAN to create
self-signed certificates.
- If you act as your own CA for a private Web network, you
have the option to use the server CA utility to generate and issue
signed certificates to clients and servers in your private network.
What to do next
For more information about the IKEYMAN utility, see the IKEYMAN
User's Guide on the
IHS Library page.