Creating the credential store application on a single Domino® server

Use keymgmt commands at the Domino® server console to set up the credential store for single-server use.

About this task

The console commands described here create the credential store database (credstore.nsf) from the websecuritystore.ntf template. Do not use this template to create the database manually. Do not change the database file name.


  1. From the server console, use the following command to create a named encryption key (NEK) which is added to the server ID file. Domino® uses the key to encrypt the credentials that are stored in the credential store.
    keymgmt create nek <nekname>
    where <nekname is a name you give the key. For example:
    keymgmt create nek credstorekey
  2. Verify that you see a message in the server console log similar to the following one indicating that the key is created successfully:
    [024C:0008-3848] 04/16/2019 05:04:13.06 PM NEK > NEK credstorekey - 
    Fingerprint 44A5 624A 65CD 1771 F274 4779 C7AB 2FE0 9671 BB30
    [024C:0008-3848] NEK credstorekey created successfully
  3. Make a note of the displayed fingerprint for the key.
  4. From the server console, use the following command to create the credential store application and encrypt it using the key you created:
    keymgmt create credstore <nekname>
    For example:
    keymgmt create credstore credstorekey
    Verify that:
    • The fingerprint matches the one you noted in Step 3.
    • The database credstore.nsf is created in the Domino® \data\IBM_CredStore directory.