Use the mkkeyserver command to create a key server
object.
Syntax
mkkeyserver -ipip_address [ -portport ] [ -sslcertcertificate_file ] [ -name ] [ -primary ]
Parameters
- -ipip_address
- (Required) Specifies the key server's IP address. The value must be in the form of a
standard Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6)
address.
- -portport
- (Optional) Specifies the key server's TCP/IP port. The value must be a number 1 - 65535.
The default value is the same as the default port used for key servers of the currently
enabled type.
- -sslcertcertificate_file
- (Optional) Specifies the key server's self-signed certificate. The value must be a file
path string.
- -name
- (Optional) Specifies the key server object name. The value must be an alphanumeric
string.
- -primary
- (Optional) Specifies the primary key server.
Description
This command creates a key server object.
The primary key server object is created by specifying -primary. If key
management is enabled, you must use the primary key server object to create keys.
Note: When a primary key server is configured, that key server must be defined before a rekey
operation occurs. A primary object (such as a server) can be configured at any time when a
defined primary server is present.
When
you create keys, the system uses the key server that is configured as the primary key server.
For multi-master key server configurations, any key server can be selected as the primary. A
rekey operation without a defined primary key server fails.
When a key server object is created, it is automatically validated. If the validation is not
successful, the command fails and an error message is displayed.
An invocation example
mkkeyserver -ip 10.0.1.54 -sslcert /tmp/isklm_public_server_cert.pem -primary
The resulting output:
Key Server, id [0], successfully created
An invocation example
mkkeyserver -ip 9.174.157.3 -name pogba_zibra -sslcert pogba_zibra_system_cert.pem
The resulting output:
Key Server, id [1], successfully created