Key and certificate management

As noted previously, before configuring SSL you must set up a key database and obtain or create a certificate. Certificates are used to authenticate server identities. Use the IBM Key Management utility (sometimes called iKeyman) to set up your certification files. This utility is part of the GSKit software, which is included with Application Server. GSKit also includes a Java-based graphical interface for opening certificate files.

The following are the basic steps to set up your SSL keys and certificates.

  1. Ensure that GSKit is installed. On most platforms, it is installed automatically with the Caching Proxy component. The name of the package is gsk7ikm (gsk7ikm_gcc295 on Linux systems for i386). GSKit is usually installed in the ibm/gsk7/ directory (ibm/gskit/ on AIX systems). On Windows platforms, it can also be accessed from the Start menu.
    Note:
    On Windows, if GSKit does not install when using InstallShield, check to make sure the path to the install media directory does not contain a blank space.
  2. Use the key manager to create a key for secure network communications and receive a certificate from a certificate authority. You might decide to create a self-signed certificate while waiting to receive the certificate from the authority.
  3. Create a key database and specify a key database password.
Note:
The key and keystash files are uninstalled whenever Caching Proxy is uninstalled. To avoid having to request a new certificate from a certificate authority, save backup copies of these two files in another directory before uninstalling the proxy software.

On all operating systems except Linux, if the certificate has expired, Caching Proxy does not start properly and displays an error message indicating that the key database has expired. On Linux, the proxy appears to start, but the process quickly disappears and no error message is generated.
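Because the Linux failure is silent, it helps to check the certificate's expiry before starting the proxy. The following script is an added example, not part of the product or its documentation. It assumes the server certificate has been extracted from the key database to a Base64 (PEM) file and that the openssl command is installed; the function name and the file path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: pre-start expiry check for a certificate extracted from the
# key database. Assumption: the certificate is available as a PEM file,
# for example /opt/certs/proxy-cert.arm (hypothetical path).

# cert_status PEM_FILE [WARN_DAYS]
# Prints one of: unreadable, invalid, expired, expiring, ok
# Returns:       4           3        2        1         0
cert_status() {
    pem=$1
    warn_days=${2:-30}

    if [ ! -r "$pem" ]; then
        echo "unreadable"; return 4
    fi
    # Reject files that do not parse as an X.509 certificate, so that a
    # parse error is not mistaken for an expired certificate below.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "invalid"; return 3
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "expiring"; return 1
    fi
    echo "ok"; return 0
}

# When called with arguments, act as a command-line check, for example from
# a start script or a scheduled job:
#   sh cert_check.sh /opt/certs/proxy-cert.arm 30 || echo "renew certificate"
if [ $# -gt 0 ]; then
    cert_status "$@"
fi
```

A non-zero return code can be used to block the proxy start or to raise an alert while there is still time to request a renewed certificate from the certificate authority.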

To prevent this problem on Red Hat Enterprise Linux 3.0 systems, ensure that the GCC packages are at the following levels or higher: