The following example shows how to create a sample key database file (‘sample.kdb’) and a password stash file (‘sample.sth’) and import a root CA certificate file (‘root_ca.pem’).
MVSJ:/home/myuserid/certs> $ ls -l -rw-r--r-- 1 myuserid mygroup 2021 Sep 10 10:16 root_ca.pem MVSJ:/home/myuserid/certs> $ gskkyman Database Menu 1 - Create new database 1b - Create new empty database 2 - Open database 3 - Change database password 4 - Change database record length 5 - Delete database 6 - Create key parameter file 7 - Display certificate file (Binary or Base64 ASN.1 DER) 11 - Create new token 12 - Delete token 13 - Manage token 14 - Manage token from list of tokens 0 - Exit program Enter option number: 1 <enter> Enter key database name (press ENTER to return to menu): sample.kdb <enter> Enter database password (press ENTER to return to menu): <password> <enter> Re-enter database password: <same password> <enter> Enter password expiration in days (press ENTER for no expiration): <enter> Enter database record length (press ENTER to use 5000): <enter> Enter 1 for FIPS mode database or 0 to continue: 0 <enter> Key database /home/myuserid/certs/sample.kdb created. Press ENTER to continue. Key Management Menu Database: /home/myuserid/certs/sample.kdb Expiration: None Type: non-FIPS 1 - Manage keys and certificates 2 - Manage certificates 3 - Manage certificate requests 4 - Create new certificate request 5 - Receive requested certificate or a renewal certificate 6 - Create a self-signed certificate 7 - Import a certificate 8 - Import a certificate and a private key 9 - Show the default key 10 - Store database password 11 - Show database record length 0 - Exit program Enter option number (press ENTER to return to previous menu): 7 <enter> Enter import file name (press ENTER to return to menu): root_ca.pem <enter> Enter label (press ENTER to return to menu): Root CA <enter> Certificate imported. Press ENTER to continue. Key Management Menu Database: /home/myuserid/certs/sample.kdb Expiration: None Type: non-FIPS 1 - Manage keys and certificates 2 - Manage certificates 3 - Manage certificate requests 4 - Create new certificate request 5 - Receive requested certificate or a renewal certificate 6 - Create a self-signed certificate 7 - Import a certificate 8 - Import a certificate and a private key 9 - Show the default key 10 - Store database password 11 - Show database record length 0 - Exit program Enter option number (press ENTER to return to previous menu): 10 <enter> Database password stored in /home/myuserid/certs/sample.sth. Press ENTER to continue. <enter> Key Management Menu Database: /home/myuserid/certs/sample.kdb Expiration: None Type: non-FIPS 1 - Manage keys and certificates 2 - Manage certificates 3 - Manage certificate requests 4 - Create new certificate request 5 - Receive requested certificate or a renewal certificate 6 - Create a self-signed certificate 7 - Import a certificate 8 - Import a certificate and a private key 9 - Show the default key 10 - Store database password 11 - Show database record length 0 - Exit program Enter option number (press ENTER to return to previous menu): 0 <enter> MVSJ:/home/hs186016/certs> $ ls -l total 136 -rw-r--r-- 1 myuserid mygroup 2021 Sep 10 10:16 root_ca.pem -rw------- 1 myuserid mygroup 50080 Sep 10 10:17 sample.kdb -rw------- 1 myuserid mygroup 80 Sep 10 10:17 sample.rdb -rw------- 1 myuserid mygroup 129 Sep 10 10:17 sample.sth