Creating a key database file

GSKit stores public and private keys and certificates in a key database. A key database consists of a file with a .kdb extension and up to three other files with *.sth, *.rdb, and .crl extensions. The X.509 certificates that you use to secure connections between nodes must be stored in a key database file. HCL SafeLinx provides a set of default key database files. If you do not want to use an existing key database file, create one using the GSKit.

Your product may have already created a key database. If so, look at the product documentation to find its location. if you don't already have a key database, you need to create and initialize a new one.

  1. Open the command line to create and initialize a new key database.
  2. Run the command gsk8capicmd_64 -keydb -create -populate -db <filename>.kdb -pw <password> -stash

    The -db parameter indicates the file name for the new database. The -pwparameter indicates the password to use to protect the key database file. The -populate parameter in version 8 is optional and tells GSKit to populate the key database with several predefined trusted CA certificates. The -stash parameter tells GSKit to save the specified key database password locally in the .sth file so that it doesn't have to be entered on the command line in the future.

    In the example scenarios, the following key database names are used:

    • server.kdb: Server key database
    • client.kdb: Client key database

      ca.kdb:Certificate Authority key database