Creating a key database file

Before you begin configuring SSL for ZIETrans applications, you must create a key database file, also referred to as a keystore file or truststore file.

To create a new key database file:
  1. Click Start > All Programs > IBM Rational® SDP package group > HCL ZIETrans V1.0 > Certificate Management (where IBM Rational SDP package group is the name of the Rational SDP package group you have installed).
  2. This launches the IBM® Key Management tool.
  3. Click Key Database File > New.
  4. Select PKCS12, JKS, or JCEKS key database file for the key database type.
    Note: PKCS12 is required for secure connections between ZIETrans applications and the Telnet server.
  5. Enter a file name. ZIETrans does not require a particular file name.
  6. Enter a directory name for the Location. ZIETrans does not require a particular directory for creation of the key database file, but the key database file will need to be copied into an Enterprise Archive file (.ear file) in order to deploy an application that uses it.
  7. Click OK.
  8. Enter a password, confirm it, and click OK.
To open an existing key database file:
  1. Click Key Database File > Open.
  2. Select the key database type.
  3. Click Browse to browse for the key database file.
  4. Select the key database file and click Open.
  5. Click OK.
  6. Enter the current password and click OK.
After you have created or opened the key database file, you can:
  • Request a certificate from a predefined well-known certificate authority (CA). This procedure requires less configuration because the key database files are pre-configured with the CA signer certificates required to identify the CAs from whom the server certificate is issued. See Requesting and storing certificates from Certificate Authorities.
  • Request a certificate from an unknown certificate authority. This procedure requires more configuration because you must also obtain and store the CA's signer certificate in the key database file. In addition, you must make the signer certificate available to the SSL partners from which you want to obtain host credentials. See Requesting and storing certificates from Certificate Authorities.
  • Create a self-signed certificate. This procedure does not require a certificate authority and can be used immediately after installing the server. However, the self-signed certificate must be made available to the SSL partners. This procedure can also be used for testing until a certificate is obtained from a certificate authority. See Using a self-signed certificate.
  • Exchange certificates with SSL partners. In some configurations, certificates in the server's key database file must be made available to any SSL partners, such as the Telnet or DCAS server, to enable SSL communications. See Exchanging certificates.
Note: Whenever you change the key database file used by a running ZIETrans application, you must stop and restart the ZIETrans application.
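
The note in step 4 of the creation procedure says PKCS12 is required for connections to the Telnet server, and step 6 says the file is later copied into an .ear file. The following added example (not part of the original documentation) identifies a key database file's type from its header bytes before it is packaged; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Leading 4-byte magic numbers of the two Java-specific keystore formats.
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}


def keystore_type(data: bytes) -> str:
    """Classify a key database file by its header bytes only.

    No password is needed; this does not verify integrity or contents.
    """
    if len(data) >= 4:
        (magic,) = struct.unpack(">I", data[:4])
        if magic in MAGIC:
            return MAGIC[magic]
    # PKCS#12: ASN.1 SEQUENCE (0x30), a length field, then INTEGER version 3.
    if len(data) >= 5 and data[0] == 0x30:
        first = data[1]
        # Short form and BER indefinite form (0x80) use one length byte;
        # long form uses 1 + (first & 0x7F) bytes.
        pos = 2 if first <= 0x80 else 2 + (first & 0x7F)
        if data[pos:pos + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "unknown"


def usable_for_telnet(data: bytes) -> bool:
    """True only for PKCS12, the type the note in step 4 requires."""
    return keystore_type(data) == "PKCS12"


def check_file(path: str) -> str:
    """Classify a file on disk; the first 16 bytes are enough."""
    with open(path, "rb") as fh:
        return keystore_type(fh.read(16))


# Constructed sample headers (not real keystores): just enough bytes to classify.
SAMPLES = {
    "jks": struct.pack(">III", 0xFEEDFEED, 2, 0),
    "jceks": struct.pack(">III", 0xCECECECE, 2, 0),
    "p12_der": bytes.fromhex("30820a2c020103308209e6"),
    "p12_ber": bytes.fromhex("3080020103308006092a"),
    "pem": b"-----BEGIN CERTIFICATE-----",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:8} {keystore_type(blob):8} telnet-ok={usable_for_telnet(blob)}")
```

Running check_file against the key database file before copying it into the .ear file catches a JKS or JCEKS file selected by mistake in step 4.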