The iKeyman utility

The iKeyman utility is a graphical user interface (GUI) based tool that you can use to manage your digital certificates. With iKeyman, you can create a new key database or test a digital certificate, add certificate authority (CA) roots to your database, copy certificates form one database to another, request and receive a digital certificate from a CA, set default keys, and change passwords.

The iKeyman utility is a part of the IBM Java Security Socket Extension package and is shipped with the WebSphere Application Server - Express product. It is recommended that you download the iKeyman utility to a workstation that supports graphical interfaces.

Set up the iKeyman utility

To set up the iKeyman utility to work with your digital certificates, follow these steps:

If you have not already done so, install one of these Java environments on your workstation:
- IBM Developer Kit for Java, Version 1.3 or later
- IBM Runtime Environment, Java Edition, Version 1.3 or later
- Sun Microsystems, Inc. Java 2 Software Development Kit, Version 1.3 or later
- Sun Microsystems, Inc. Java 2 Runtime Environemnt, Version 1.3 or later
Download the iKeyman program files to your workstation.

You can map a network drive to your iSeries system or use file transfer protocol (FTP) to copy the files to your workstation system.

These are the iKeyman program files:
- /QIBM/ProdData/WebASE/ASE5/lib/gskikm.jar
- /QIBM/ProdData/WebASE/ASE5/java/ext/ibmjcefw.jar
- /QIBM/ProdData/WebASE/ASE5/java/ext/ibmjceprovider.jar
- /QIBM/ProdData/WebASE/ASE5/java/ext/ibmpkcs.jar
- /QIBM/ProdData/WebASE/ASE5/java/ext/ibmpkcs11.jar
- /QIBM/ProdData/WebASE/ASE5/java/ext/local_policy.jar
- /QIBM/ProdData/WebASE/ASE5/java/ext/US_export_policy.jar
Place the files in the jre/lib/ext subdirectory of your Java environment product directory. For example, on a Windows 32-bit system:
- C:\Program Files\IBM\Java13\jre\lib\ext
- D:\jdk13\jre\lib\ext
On your workstation, update the java.security file for your Java environment.

The java.security file is located in the jre/lib/security subdirectory of your Java environment. Open the file in a text editor, and look for an entry similar to this one:
```
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.sun.rsajca.Provider
```
Add this line to the end of the entry:
```
  security.provider.3=com.ibm.crypto.provider.IBMJCE
```
If you use PKCS11 hardware cryptography support, also add this entry:
```
  security.provider.4=com.ibm.crypto.pkcs11.provider.IBMPKCS11
```
Save the java.security file.
(Windows workstations only) Create a batch (BAT) file to run iKeyman.

If your workstation is a Windows system, you can create a batch file to start iKeyman. Create a batch file similar to the following:
```
  setlocal
  set JAVA_HOME=java_root
  set PATH=%JAVA_HOME%\jre\bin;%JAVA_HOME%\bin;%PATH%
  java  com.ibm.gsk.ikeyman.Ikeyman
  endlocal
```
where java_root is the root directory of your Java environment, for example, C:\jdk1.3.0_02.

Start the iKeyman utility

If you created a batch file to start iKeyman, run the batch file.

If you did not create a batch file, you can start iKeyman from a prompt by entering the following command:

Open a command prompt on your workstation.
Change to the directory that contains the iKeyman program files. This is java_root/jre/lib/ext, where java_root is the root directory of your Java environment product directories.
If your Java utilities (such as the java command) are not configured in your system path, enter these commands, where java_root is the root directory of your Java environment, for example, C:\jdk1.3.0_02.:
```
  set JAVA_HOME=java_root

  set PATH=%JAVA_HOME%\jre\bin;%JAVA_HOME%\bin;%PATH%
```
Enter this command:
```
  java com.ibm.gsk.ikeyman.Ikeyman
```

Using the iKeyman utility

For more information about using the iKeyman utility, see the iKeyman User Guide, which is located in the WebSphere Application Server - Express product directories: /QIBM/ProdData/WebASE/ASE5/web/docs/ikeyman/ikmuserguide.pdf