Creating the credential store application on a single Domino® server

You use Keymgmt commands at the Domino® server console to set up the credential store application (credstore.nsf).

About this task

Setting up the application includes the following tasks:
  • creating the document encryption key in the Domino® server's ID file
  • creating the credential store application and assigning the document encryption key to it
  • checking whether the store exists and includes the document encryption key
The console commands create the application from the websecuritystore.ntf template.
Restriction: Do not use this template to create the database manually.
Tip: The console commands use the abbreviation nek for named encryption key, which is another term for the document encryption key.


  1. At the Domino® server console, use the keymgmt create nek command to create the document encryption key in the Domino® server ID file. For syntax and examples, see the related topics.
  2. Check the server console log and make sure you see the following message:
    NEK credstorekey created successfully
  3. Make note of the displayed fingerprint for the key.
  4. Use the keymgmt create credstore command to create the credential store application and assign the document encryption key.
  5. Make sure the displayed fingerprint matches the one you made note of in the previous step.
  6. Make sure the Domino® server \data directory now has a directory \IBM_CredStore.
  7. Make sure credstore.nsf exists in the directory.