Creating the credential store application on a single Domino® server
Use keymgmt
commands at the Domino® server console to set up the credential
store for single-server use.
About this task
The console commands described here create the credential store database (credstore.nsf) from the websecuritystore.ntf template. Do not use this template to create the database manually. Do not change the database file name.
Procedure
-
From the server console, use the following command to create a named encryption key
(NEK) which is added to the server ID file. Domino® uses the key to encrypt the credentials that are stored in the credential
store.
keymgmt create nek <nekname>
where <nekname
is a name you give the key. For example:keymgmt create nek credstorekey
-
Verify that you see a message in the server console log similar to the following one
indicating that the key is created successfully:
[024C:0008-3848] 04/16/2019 05:04:13.06 PM NEK > NEK credstorekey - Fingerprint 44A5 624A 65CD 1771 F274 4779 C7AB 2FE0 9671 BB30 [024C:0008-3848] NEK credstorekey created successfully
- Make a note of the displayed fingerprint for the key.
-
From the server console, use the following command to create the credential store
application and encrypt it using the key you created:
For example:keymgmt create credstore <nekname>
Verify that:keymgmt create credstore credstorekey
- The fingerprint matches the one you noted in Step 3.
- The database credstore.nsf is created in the Domino® \data\IBM_CredStore directory.