Recommended task summary

The following table lists the recommended workflow for setting up and maintaining keys and signed certificates when using the sslcmd menu.

Task summary: implementing keys and signed certificates

Workflow	Specific tasks
Create an SSL key database	create an SSL key database (see below)
Set up a signed certificate	Installing a trusted root authority certificate
	Generating public-private key pairs
	Creating a certificate signing request
	Installing the signed certificate
Create key database files	create key database files for Control-M/EM, Control-M/Server, and Control-M/Agent
Performing maintenance	view information about CA certificates (see Maintaining certificates)
	delete a trusted root authority certificate (see Maintaining certificates)
	delete a public-private key pair and certificate (see Maintaining certificates)
	install a new certificate revocation list (CRL) (see Maintaining certificates)
	change the key database password (see Maintaining certificates)
	export a key pair (see Maintaining certificates)

To create an SSL key database

At the command line of the directory where you want the database to be, enter sslcmd -k keyfile_name, replacing keyfile_name with the name of the key database to be created.
Because the new database does not exist yet, a message indicates that the file cannot be found.
Enter a password (eight or more characters) for the new database.
When prompted, retype the password.
A key database with the specified name is created. The sslcmd utility menu displays the actions that you can perform with the new key database.

NOTE: After creating the key database, always use the same keyfile name on the sslcmd command line. The database can be accessed only by using the password that you specified.