Use the mkkeyserver command to create a key server object.


mkkeyserver -ip ip_address [ -port port ] [ -sslcert certificate_file ] [ -name ] [ -primary ]


-ip ip_address: (Required) Specifies the key server's IP address. The value must be in the form of a standard Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) address.

-port port: (Optional) Specifies the key server's TCP/IP port. The value must be a number 1 - 65535. The default value is the same as the default port used for key servers of the currently enabled type.

-sslcert certificate_file: (Optional) Specifies the key server's self-signed certificate. The value must be a file path string.

-name: (Optional) Specifies the key server object name. The value must be an alphanumeric string.

-primary: (Optional) Specifies the primary key server.


This command creates a key server object.

The primary key server object is created by specifying -primary. If key management is enabled, you must use the primary key server object to create keys.

Note: When a primary key server is configured, that key server must be defined before a rekey operation occurs. A primary object (such as a server) can be configured at any time when a defined primary server is present. When you create keys, the system uses the key server that is configured as the primary key server. For multi-master key server configurations, any key server can be selected as the primary. A rekey operation without a defined primary key server fails.

When a key server object is created, it is automatically validated. If the validation is not successful, the command fails and an error message is displayed.

An invocation example

mkkeyserver -ip -sslcert /tmp/isklm_public_server_cert.pem -primary

The resulting output:

Key Server, id [0], successfully created

An invocation example

mkkeyserver -ip -name pogba_zibra -sslcert pogba_zibra_system_cert.pem

The resulting output:

Key Server, id [1], successfully created
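
A pre-flight check for the parameter rules above, added here as an example and not part of the product documentation: it validates the -ip, -port and -name values, compares the -sslcert certificate with a SHA-256 fingerprint obtained out of band, and only then builds the command line. The function names, the sample address 192.0.2.10, the placeholder certificate and the rule that underscores are accepted in names are assumptions; cert_path is assumed to be where the same checked file sits on the system.

```python
import base64
import hashlib
import hmac
import ipaddress
import re
import shlex
import ssl

# Constructed placeholder in PEM framing, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for DER"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def cert_fingerprint(pem_text):
    """Return the SHA-256 of the certificate's DER bytes as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)  # ValueError if PEM framing is missing
    return hashlib.sha256(der).hexdigest()


def build_mkkeyserver(ip, cert_path, cert_pem, pinned_sha256,
                      port=None, name=None, primary=False):
    """Check arguments against the parameter rules above; return the command line."""
    ipaddress.ip_address(ip)  # accepts IPv4 or IPv6, raises ValueError otherwise
    if port is not None and not 1 <= int(port) <= 65535:
        raise ValueError("port must be a number 1 - 65535")
    # Assumption: underscore is allowed too, as in the page's "pogba_zibra" example.
    if name is not None and not re.fullmatch(r"[A-Za-z0-9_]+", name):
        raise ValueError("name must be an alphanumeric string")
    # A self-signed certificate has no CA chain to vouch for it, so compare it
    # with a fingerprint obtained out of band before handing it to -sslcert.
    expected = pinned_sha256.replace(":", "").lower()
    if not hmac.compare_digest(cert_fingerprint(cert_pem), expected):
        raise ValueError("certificate does not match the pinned fingerprint")
    argv = ["mkkeyserver", "-ip", ip]
    if port is not None:
        argv += ["-port", str(int(port))]
    argv += ["-sslcert", cert_path]
    if name is not None:
        argv += ["-name", name]
    if primary:
        argv.append("-primary")
    return shlex.join(argv)  # each argument quoted for use in a remote shell


if __name__ == "__main__":
    pin = hashlib.sha256(SAMPLE_DER).hexdigest()
    print(build_mkkeyserver("192.0.2.10", "/tmp/isklm_public_server_cert.pem",
                            SAMPLE_PEM, pin, primary=True))
```
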