The following example shows how to create a sample key database file (‘sample.kdb’) and a password stash file (‘sample.sth’) and import a root CA certificate file (‘root_ca.pem’).
MVSJ:/home/myuserid/certs>
$ ls -l
-rw-r--r-- 1 myuserid mygroup 2021 Sep 10 10:16 root_ca.pem
MVSJ:/home/myuserid/certs>
$ gskkyman
Database Menu
1 - Create new database
1b - Create new empty database
2 - Open database
3 - Change database password
4 - Change database record length
5 - Delete database
6 - Create key parameter file
7 - Display certificate file (Binary or Base64 ASN.1 DER)
11 - Create new token
12 - Delete token
13 - Manage token
14 - Manage token from list of tokens
0 - Exit program
Enter option number: 1 <enter>
Enter key database name (press ENTER to return to menu): sample.kdb <enter>
Enter database password (press ENTER to return to menu): <password> <enter>
Re-enter database password: <same password> <enter>
Enter password expiration in days (press ENTER for no expiration): <enter>
Enter database record length (press ENTER to use 5000): <enter>
Enter 1 for FIPS mode database or 0 to continue: 0 <enter>
Key database /home/myuserid/certs/sample.kdb created.
Press ENTER to continue.
Key Management Menu
Database: /home/myuserid/certs/sample.kdb
Expiration: None
Type: non-FIPS
1 - Manage keys and certificates
2 - Manage certificates
3 - Manage certificate requests
4 - Create new certificate request
5 - Receive requested certificate or a renewal certificate
6 - Create a self-signed certificate
7 - Import a certificate
8 - Import a certificate and a private key
9 - Show the default key
10 - Store database password
11 - Show database record length
0 - Exit program
Enter option number (press ENTER to return to previous menu): 7 <enter>
Enter import file name (press ENTER to return to menu): root_ca.pem <enter>
Enter label (press ENTER to return to menu): Root CA <enter>
Certificate imported.
Press ENTER to continue.
Key Management Menu
Database: /home/myuserid/certs/sample.kdb
Expiration: None
Type: non-FIPS
1 - Manage keys and certificates
2 - Manage certificates
3 - Manage certificate requests
4 - Create new certificate request
5 - Receive requested certificate or a renewal certificate
6 - Create a self-signed certificate
7 - Import a certificate
8 - Import a certificate and a private key
9 - Show the default key
10 - Store database password
11 - Show database record length
0 - Exit program
Enter option number (press ENTER to return to previous menu): 10 <enter>
Database password stored in /home/myuserid/certs/sample.sth.
Press ENTER to continue. <enter>
Key Management Menu
Database: /home/myuserid/certs/sample.kdb
Expiration: None
Type: non-FIPS
1 - Manage keys and certificates
2 - Manage certificates
3 - Manage certificate requests
4 - Create new certificate request
5 - Receive requested certificate or a renewal certificate
6 - Create a self-signed certificate
7 - Import a certificate
8 - Import a certificate and a private key
9 - Show the default key
10 - Store database password
11 - Show database record length
0 - Exit program
Enter option number (press ENTER to return to previous menu): 0 <enter>
MVSJ:/home/hs186016/certs>
$ ls -l
total 136
-rw-r--r-- 1 myuserid mygroup 2021 Sep 10 10:16 root_ca.pem
-rw------- 1 myuserid mygroup 50080 Sep 10 10:17 sample.kdb
-rw------- 1 myuserid mygroup 80 Sep 10 10:17 sample.rdb
-rw------- 1 myuserid mygroup 129 Sep 10 10:17 sample.sth