The IBM® Sametime® Community Server must store a copy of the LDAP SSL trusted root certificate to complete the SSL handshake when making an SSL connection to the LDAP Server. Before you can import the SSL certificate from the IBM Domino® server, use the GSKit and iKeyMan utility to create a keystore file on the Sametime Community Server for storing the certificate.
Before you begin
Complete the procedure for Adding CMS/KDB support for the iKeyMan utility.
If you created a key database while completing the Setting up TLS configuration topic, and you use the same settings for server application connections, server connections, client connections, and LDAP community connections, do not complete this procedure. For more information about setting up the TLS configuration, see Configuring TLS for the Community Server.
About this task
Use the IBM iKeyMan utility to create a keystore database of type "cms" on the IBM Sametime Community Server. The keystore database that you create for storing the LDAP server's SSL certificate is different from the keystore file used for storing the Domino server's SSL certificate and must use a different file name. Create the keystore database by completing the following steps:
Procedure
- Start the IBM iKeyMan utility:
  - Open a command prompt and navigate to the Sametime_install_root/ibm-jre/jre/bin directory.
    The default installation path for Sametime is as follows:
    - AIX®: /local/notesdata
    - Linux™: /local/notesdata
    - Windows™: C:\Program Files\IBM\Domino
    - 64-bit Windows: C:\Program Files (x86)\IBM\Domino
  - Run the ikeyman.sh or ikeyman.exe program.
- From the iKeyMan utility's menu, click .
- In the New dialog box, fill in the following fields and click OK:

  Table 1. Key database fields and descriptions

  | Field | Description |
  | --- | --- |
  | Key database type | CMS key database file |
  | File name | key.kdb. Note: If you enabled the HTTPS protocol, make sure that this keystore database's file name is different from that file name, to avoid conflicts. |
  | Location | Enter the path to the directory where the sametime.ini file is stored. For example: AIX: /local/notesdata; Linux: /local/notesdata; Windows: C:\Program Files\IBM\Domino; 64-bit Windows: C:\Program Files (x86)\IBM\Domino |
- In the Password dialog box, fill in the following fields and click OK:

  Table 2. Password fields and descriptions

  | Field | Description |
  | --- | --- |
  | Password | Enter the password you will use for accessing this keystore database. |
  | Confirm password | Confirm the password by typing it again. |
  | Stash the password to a file? | You must click this option to enable it. |
Results
The following key files are created in the Sametime directory: key.kdb, key.sth, and key.rdb.
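
A post-procedure check for AIX or Linux, added here as an example and not part of the IBM documentation: it confirms that the three key files listed above sit beside sametime.ini and flags any that are accessible to group or other. Because key.sth lets the keystore be opened without a password prompt, the check assumes the files should be accessible only to their owner, and that the owner is the account that runs the Sametime server; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code): verify the result of the keystore procedure.
# Assumption: the argument is the directory that holds sametime.ini,
# for example /local/notesdata on AIX or Linux.

# Print the group and other permission characters of a file,
# e.g. "r--r--" for mode 644 or "------" for mode 600.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return codes:
#   0  all three key files exist and are owner-only
#   1  sametime.ini or one of the key files is missing
#   2  at least one key file is accessible to group or other
check_keystore_dir() {
    dir=$1
    status=0

    # The Location field must point at the sametime.ini directory.
    if [ ! -f "$dir/sametime.ini" ]; then
        echo "MISSING: $dir/sametime.ini (wrong Location?)" >&2
        return 1
    fi

    # key.sth only exists if the stash option was selected.
    for f in key.kdb key.sth key.rdb; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING: $dir/$f" >&2
            return 1
        fi
    done

    # Anyone who can read key.kdb and key.sth can open the keystore.
    for f in key.kdb key.sth key.rdb; do
        bits=$(group_other_bits "$dir/$f")
        if [ "$bits" != "------" ]; then
            echo "EXPOSED: $dir/$f group/other bits are $bits" >&2
            status=2
        fi
    done
    return $status
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_keystore_dir "$1"
fi
```

A return code of 1 with key.sth reported missing usually means the stash option in the Password dialog box was not selected.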