You use Keymgmt commands at the Domino® server console to set up the credential store application (credstore.nsf). When the application is used in a cluster, you also create replicas of it on each server.
About this task
Setting up the application includes the following tasks:
Restriction: Do not use this template to create the database manually.
Tip: The console commands use the abbreviation nek for "named encryption key," which is another term for the document encryption key.
You perform all of the following steps at the Domino server console, and you can check the key fingerprints displayed either in the console itself or in the server console log.
Procedure
1. At the server console for the first Domino server in the cluster, use the keymgmt create nek command to create the document encryption key in the Domino server ID file. For syntax and examples, see the related topics.
2. Take note of the displayed fingerprint for the key, and make sure you see the message: NEK credstorekey created successfully.
3. Use the keymgmt export nek command to create a local file that contains the key. For syntax and examples, see the related topics.
4. Make sure the displayed fingerprint matches the one you made note of in the previous step, and make sure you see the message: NEK credstorekey exported successfully.
5. Copy the key file to all servers in the cluster.
6. At the console on each of the other servers, use the keymgmt import nek command to import the document encryption key from the file you created into the ID file of each server. For syntax and examples, see the related topics.
7. Make sure the displayed fingerprint matches the one you made note of in the previous steps, and make sure you see the message: NEK credstorekey imported successfully.
8. Back on the original server, use the keymgmt create credstore command to create the credential store application and to assign the document encryption key. For syntax and examples, see the related topics.
9. Make sure the displayed fingerprint matches the one you made note of in the previous steps.
10. Make sure the Domino server \data directory now has a directory \IBM_CredStore.
11. Make sure credstore.nsf exists in the directory.
12. Create replicas of the credstore.nsf in a \data\IBM_CredStore directory on the rest of the servers in the cluster.
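The fingerprint comparisons in steps 2 through 9 can be scripted against console log excerpts saved from each server. The following Python script is an added example, not part of the product documentation; the success messages are the ones quoted in the procedure, while the fingerprint line format, the function names, and the sample log text are assumptions constructed for illustration.

```python
import re

# Success messages quoted in steps 2, 4 and 7 of the procedure.
MSG_RE = re.compile(r"NEK (\S+) (created|exported|imported) successfully")
# ASSUMPTION: the fingerprint is printed after the word "Fingerprint" as
# space-separated groups of four hex digits; adapt to your console log.
FP_RE = re.compile(r"[Ff]ingerprint\W+((?:[0-9A-Fa-f]{4} ?){4,})")

def parse_log(text):
    """Return (fingerprints, confirmed stages) found in one server's log excerpt."""
    fps, stages = set(), set()
    for line in text.splitlines():
        if (m := FP_RE.search(line)):
            fps.add(m.group(1).replace(" ", "").upper())
        if (m := MSG_RE.search(line)):
            stages.add(m.group(2))
    return fps, stages

def check_cluster(first_log, other_logs):
    """Compare the first server's excerpt with each other server's excerpt."""
    problems = []
    ref_fps, stages = parse_log(first_log)
    for stage in ("created", "exported"):
        if stage not in stages:
            problems.append(f"first server: no '{stage} successfully' message")
    if len(ref_fps) != 1:
        problems.append(f"first server: {len(ref_fps)} distinct fingerprints, expected 1")
    for name, log in other_logs.items():
        fps, stages = parse_log(log)
        if "imported" not in stages:
            problems.append(f"{name}: no 'imported successfully' message")
        if fps != ref_fps:
            problems.append(f"{name}: fingerprint does not match first server")
    return problems

# Constructed sample excerpts (not real console output).
FIRST = """Fingerprint: 1A2B 3C4D 5E6F 7081 92A3 B4C5 D6E7 F809
NEK credstorekey created successfully.
Fingerprint: 1A2B 3C4D 5E6F 7081 92A3 B4C5 D6E7 F809
NEK credstorekey exported successfully."""
OTHERS = {
    "server2": "Fingerprint: 1a2b 3c4d 5e6f 7081 92a3 b4c5 d6e7 f809\n"
               "NEK credstorekey imported successfully.",
    "server3": "Fingerprint: 9999 3C4D 5E6F 7081 92A3 B4C5 D6E7 F809\n"
               "NEK credstorekey imported successfully.",
}

if __name__ == "__main__":
    for problem in check_cluster(FIRST, OTHERS):
        print(problem)
```

An empty result means every server reported the same fingerprint and the expected success message; any entry names the server to recheck before you create replicas.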
Related concepts: Using a console to send commands to a server
Related reference: Keymgmt Create, Keymgmt Export, Keymgmt Import