Thursday, January 12, 2012

[HTTP] Using iKeyman to create a key database file



Problem (Abstract)

Instructions for using the iKeyman utility to create a key database file for IBM® HTTP Server.

Resolving the problem

For information about using the iKeyman utility, visit the IBM HTTP Server online documentation (Section: How to > Use IKEYMAN).


How do I create a Key Database File (.kdb) using iKeyman?

  1. Open the iKeyman utility.
  2. From the Menu Bar select Key Database File > New.
  3. Enter a file name for the new key database file you are creating.
  4. In the Location field, enter the directory on the hard drive where you want to store the .kdb file. On Windows, this is usually the /IBM Http Server/ssl directory.
  5. Click OK.



    After saving the key database file to the location specified, you are prompted to enter a password. This is the password that will be used to open the key database file in iKeyman in the future.

  6. Select the checkbox Stash the password to a file? This encrypts the password and saves the file as a .sth file in the same directory as the key database file.


  7. Click OK.


How do I create a new "Certificate Request" to send to a CA (for example, Verisign)?

  1. Open the key database file (.kdb) using the iKeyman utility.
  2. In the middle of the iKeyman GUI you will see a section called Key database content.


  3. Click on the "down arrow" to the right, to display a list of three choices.
  4. Select Personal Certificate Requests.


  5. From the Personal Certificate Requests section, click New.


  6. Key Label= (The name you want to give the certificate to identify it in IKEYMAN)

    Note:
    Using the SiteName (for example, www.robo.com) as the label is a good practice.


  7. Key Size= (2048bit, 1024bit or 56bit)



    Note:
    If the 2048 bit Key Size does not appear in the drop-down list, refer to the technote "Unable to create a certificate request with key size greater than 1024" to resolve the issue.
  8. Common Name= (SiteName, for example, www.robo.com)

    Note:
    This is the name that the CA will register, so it is important that it matches the actual SiteName.
  9. Organization= (Company Name)
  10. "Enter the name of a file in which to store the certificate request"

    Note:
    This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what the CA (for example, Verisign) needs you to provide to them.

    *Saving this file (.arm) in the same directory as the .kdb file is recommended.



  11. Once you save the file (.arm) you are done with creating the request.


  12. You must now choose a CA and follow the CA's instructions for sending them the "Certificate Request".
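
Because the request file is Base64 text, it can be checked before it is sent to the CA. The following is an added example, not part of the original technote: it assumes the openssl command-line tool is available (the page itself only covers iKeyman) and confirms that the Common Name matches the site name and that the key size is the one you selected. The names `check_csr`, `make_sample_csr` and `certreq.arm` are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a certificate request (.arm) before submission.
# check_csr FILE EXPECTED_CN [MIN_BITS]  -> returns 0 if the request is acceptable.
check_csr() {
    csr=$1; want_cn=$2; min_bits=${3:-2048}

    # The .arm file must parse as a Base64 (PEM) PKCS#10 request.
    openssl req -in "$csr" -noout 2>/dev/null || {
        echo "FAIL: $csr is not a readable certificate request" >&2; return 1; }

    # Common Name is what the CA registers, so it must equal the site name.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want_cn" ] || {
        echo "FAIL: Common Name '$cn' does not match '$want_cn'" >&2; return 1; }

    # Key size as reported by openssl, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] || {
        echo "FAIL: key size '${bits}' is below $min_bits bits" >&2; return 1; }

    echo "OK: CN=$cn, $bits-bit key"
}

# Constructed sample standing in for iKeyman output: a throwaway 2048-bit
# request for www.robo.com written to DIR/certreq.arm (hypothetical file name).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/sample.key" \
        -subj "/CN=www.robo.com/O=Robo" -out "$1/certreq.arm" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir" && check_csr "$demo_dir/certreq.arm" www.robo.com
rm -rf "$demo_dir"
```

To check a real request, call `check_csr` with the path to the .arm file saved in step 10 and the site name entered as the Common Name.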


How do I receive the Certificate into the Key Database File (.kdb) after getting it back from the CA?

Note: CAs usually send back an email with the certificate information provided as text in the email.
  1. Take the information provided in the email and copy it into a text file. Save the text file with a .cert extension or .arm extension.
  2. Open the .kdb file using the iKeyman utility.
  3. In the middle of the iKeyman GUI you will see a section called Key database content.
  4. Click on the "down arrow" to the right, to display a list of three choices.
  5. Select Personal Certificates.


  6. From the Personal Certificates section, click Receive.


  7. Data Type= (Leave the default of "Base64-encoded ASCII data")


  8. Browse to the directory that contains the .cert or .arm file.
  9. Highlight the file and click Open.


  10. Now click OK on this dialog box:

