Creating a keystore database for the LDAP server's SSL certificate

The IBM® Sametime® Community Server must store a copy of the LDAP SSL trusted root certificate to complete the SSL handshake when making an SSL connection to the LDAP Server. Before you can import the SSL certificate from the IBM Domino® server, use the GSKit and IKeyMan utility to create a keystore file on the Sametime Community Server for storing the certificate.

Before you begin

Complete the procedure for Adding CMS/KDB support for the iKeyMan utility.

If you created a key database while completing the Setting up TLS configuration topic, and you use the same settings for server application connections, server connections, client connections, and LDAP community connections, do not complete this procedure. For more information about setting up the TLS configuration, see Configuring TLS for the Community Server.

About this task

Use the IBM iKeyMan utility to create a keystore database of type "cms" on the IBM Sametime Community Server. The keystore database that you create for storing the LDAP server's SSL certificate is different from the keystore file used for storing the Domino server's SSL certificate and must use a different file name. Create the keystore database by completing the following steps:

Procedure

  1. Start the IBM IKeyMan utility:
    1. Open a command prompt and navigate to the Sametime_install_root/ibm-jre/jre/bin directory.

      The default installation path for Sametime is as follows:

      • AIX®: /local/notesdata
      • Linux™: /local/notesdata
      • Windows™: C:\Program Files\IBM\Domino
      • 64-bit Windows: C:\Program Files (x86)\IBM\Domino
    2. Run the ikeyman.sh or ikeyman.exe program.
  2. From the iKeyMan utility's menu, click Key Database > File > New.
  3. In the New dialog box, fill in the following fields and click OK:
    Table 1. Key database fields and descriptions

    Field               Description
    Key database type   CMS key database file
    File name           key.kdb
                        Note: If you enabled the HTTPS protocol, make sure that this keystore database's file name is different from the file name of the keystore used for HTTPS, to avoid conflicts.
    Location            Enter the path to the directory where the sametime.ini file is stored. For example:
                        • AIX: /local/notesdata
                        • Linux: /local/notesdata
                        • Windows: C:\Program Files\IBM\Domino
                        • 64-bit Windows: C:\Program Files (x86)\IBM\Domino
  4. In the Password dialog box, fill in the following fields and click OK:
    Table 2. Password fields and descriptions

    Field                            Description
    Password                         Enter the password you will use for accessing this keystore database.
    Confirm password                 Confirm the password by typing it again.
    Stash the password to a file?    You must click this option to enable it.

Results

The following key files are created in the Sametime directory: key.kdb, key.sth, and key.rdb.
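
Example (added here, not part of the IBM documentation): a shell check for AIX and Linux that confirms the three files listed under Results exist and are not exposed to other accounts. The stash file holds the keystore password in a form the server can recover without prompting, so read access to key.sth is equivalent to knowing the password. The function name check_keystore and the permission policy it enforces are assumptions of this example, not product requirements.

```shell
#!/bin/sh
# Added example, not IBM code. Checks the files this procedure is expected
# to produce: <base>.kdb, <base>.sth and <base>.rdb in the keystore directory.
# Usage: sh check_keystore.sh DIR [BASE]    (BASE defaults to "key")

check_keystore() {
    dir=$1
    base=${2:-key}
    rc=0
    for ext in kdb sth rdb; do
        f="$dir/$base.$ext"
        # Each file must exist and be non-empty.
        if [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty"
            rc=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$ext" = "sth" ]; then
            # Assumed policy: the stash file is readable by its owner only.
            if [ "$perms" != "------" ]; then
                echo "FAIL: $f is accessible to group or other ($perms)"
                rc=1
            fi
        else
            # Assumed policy: nobody but the owner may modify the key database.
            case $perms in
                ?w????|????w?)
                    echo "FAIL: $f is writable by group or other ($perms)"
                    rc=1 ;;
            esac
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir/$base.kdb, .sth and .rdb are present and restricted"
    fi
    return "$rc"
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_keystore "$@"
fi
```

Run it as the account that owns the Sametime data directory, for example with /local/notesdata as DIR.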