Step 3: Create the SSL key database.

In order to communicate with a DCAS server, an SSL connection must be established using client authentication. This requires you to create a key database file, for example, HODDCAS.p12. To create the file, use the Host On-Demand Certificate Management GUI on Windows and AIX platforms, or use a P12 keyring tool for other platforms. This key database file must contain the DCAS client's personal certificate and the DCAS server's certificate (public key) information. Also, the DCAS client certificate must be added/imported to the DCAS server's keyring for SSL client authentication.

top Graphic Image
 For more information about creating this key database file, refer to the Planning, Installing, and Configuring Host On-Demand guide, which is located in the Host On-Demand Information Center at Start > Programs > IBM Rational Host On-Demand > Information Center.
To create a keyring database called HODDCAS.p12 file that will be specified in the CMPI_DCAS_KEYRING_FILE parameter in your web.xml file, take the following steps on a Windows machine:
  1. Click Start > Programs > IBM Rational Host On-Demand > Administration > Certificate Management.
  2. Click Key Database File > New. For the Key database type, select PKCS12. For File Name, type HODDCAS.p12. For Location, type C:\Program Files\IBM\Host On-Demand.

    top Graphic Image
    		 You may choose a different name and location, if you prefer.
  3. Click OK.
  4. Type the password and make a note of it.
  5. Click OK.
  6. Add the DCAS's certificate to the key database. Be sure that the key database content is for the signer certificate. If it is not, select the pull-down menu and change it. Then select Add.
  7. Select Binary DER data for the data type. If the server certificate is in ASCII format, select Base64-encoded ASCII data.
  8. Type the file name in the For Certificate File Name field.
  9. Type the path name in the Location field.
  10. Click OK.
  11. Enter a label for the certificate and click OK.
  12. Add the DCAS client's certificate to the key database.
  13. Change the Key database content to Personal Certificates and click Export/Import.
  14. Select Import Key as the Action Type.
  15. Select PKCS12 for the Key file type.
  16. Type the client certificate's p12 file name in the File Name field and the path name in the Location field.
  17. Click OK and enter the client certificate PIN.
  18. Click OK.
  19. Exit the Certificate Management GUI.