Creating the Key Database
With the
gskkyman utility, you can create a key database.
- Procedure
- Execute the
KEYMANcommand in a z/OS shell to start thegskkymanutility.The following screen is displayed for you to choose one of the three functions.
IBM Key Management Utility Choose one of the following options to proceed. 1 - Create new key database 2 - Open key database 3 - Change database password 0 - Exit program Enter your option number: - Enter option
1to create a new key database. - Enter the key database name or press
ENTER to use the default name
key.kdb.
Enter key database name or press ENTER for "key.kdb": ===>
By default, the key database is created in the current working directory with a name of key.kdb. - Enter a password for the key database.
Enter password for the key database.......> ===>
Note: You must remember this password because this is the password used by the Platform Server in the $SSLDB user profile. - Enter the password again for validation.
- Choose whether the password expires.
It is a good practice to use the default value
0by pressing Enter, which indicates that the password does not expire.
ResultThe key database menu is displayed as follows:
Key database menu
Current key database is /u/ibmuser/key.kdb
1 - List/Manage keys and certificates
2 - List/Manage request keys
3 - Create new key pair and certificate request
4 - Receive a certificate issued for your request
5 - Create a self-signed certificate
6 - Store a CA certificate
7 - Show the default key
8 - Import keys
9 - Export keys
10 - List all trusted CAs
11 - Store encrypted database password
0 - Exit program