Creating the Key Database

With the gskkyman utility, you can create a key database.

Procedure

  1. Execute the KEYMAN command in a z/OS shell to start the gskkyman utility.
    The following screen is displayed for you to choose one of the three functions. 
                                                         
            IBM Key Management Utility               
                                                     
Choose one of the following options to proceed.      
                                                     
   1  - Create new key database                      
   2  - Open key database                            
   3  - Change database password                     
                                                     
   0  - Exit program                                 
                                                     
Enter your option number:
  2. Enter option 1 to create a new key database.
  3. Enter the key database name or press ENTER to use the default name key.kdb. 
    Enter key database name or press ENTER for "key.kdb": 
 ===>
    By default, the key database is created in the current working directory with a name of key.kdb.
  4. Enter a password for the key database. 
    Enter password for the key database.......>    
===>
    Note: You must remember this password because this is the password used by the platform server in the $SSLDB user profile.
  5. Enter the password again for validation.
  6. Choose whether the password expires.
    It is good practice that you take the default value 0 by hitting enter, which indicates that the password does not expire.

Result

The key database menu is displayed as following. 
 Key database menu                                                                                            
                                                                                                                         
Current key database is /u/ibmuser/key.kdb                                                                               
                                                                                                                         
1  - List/Manage keys and certificates                                                                              
2  - List/Manage request keys                                                                                       
3  - Create new key pair and certificate request                                                                    
4  - Receive a certificate issued for your request                                                                  
5  - Create a self-signed certificate                                                                               
6  - Store a CA certificate                                                                                         
7  - Show the default key                                                                                           
8  - Import keys                                                                                                    
9  - Export keys                                                                                                    
10  - List all trusted CAs                                                                                           
11  - Store encrypted database password                                                                              
                                                                                                                         
0  - Exit program