Before you begin
Verify that your cryptographic token device is installed and functions properly. Create a cryptographic token, following the instructions provided by the manual of the cryptographic device. From your cryptographic token device documentation, identify the token library. For example, the IBM 4758 PCI Cryptographic Card uses CRYPTOKI.DLL as the PKCS#11-type token library (see http://www.ibm.com/security/cryptocards/html/library.shtml for details).
Read the documentation located in the http://www.ibm.com/developerworks/java/jdk/security/142/ikmuserguide.pdf file for further information about using the key management utility (iKeyman).
Important: To use iKeyman for key management with a cryptographic token device, you must edit the ${WAS_INSTALL_ROOT}/java/jre/lib/security/java.security file. Uncomment the line containing com.ibm.crypto.pkcs11.provider.IBMPKCS11.
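An added check for the java.security edit described above (not IBM's code): it reports whether the IBMPKCS11 entry is still commented out and whether the JRE can reach it, assuming the usual JRE behaviour of reading security.provider.N entries in order and stopping at the first missing index. The sample file contents and provider positions are constructed.

```python
import re

PKCS11 = "com.ibm.crypto.pkcs11.provider.IBMPKCS11"  # class name from the page
# Matches "security.provider.<n>=<class>", optionally commented out with '#'.
ENTRY = re.compile(r"^\s*(#*)\s*security\.provider\.(\d+)\s*=\s*(\S+)")

def check_pkcs11_provider(text):
    """Return (status, detail) for the IBMPKCS11 entry in java.security text."""
    active, commented = {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        hashed, index, cls = m.group(1), int(m.group(2)), m.group(3)
        if hashed:
            commented.append((index, cls))
        elif index in active:
            return "conflict", f"index {index} is assigned twice"
        else:
            active[index] = cls
    if PKCS11 not in active.values():
        if any(cls == PKCS11 for _, cls in commented):
            return "commented", "entry is present but still commented out"
        return "missing", "no entry names the provider"
    index = next(i for i, cls in active.items() if cls == PKCS11)
    # Assumption: the JRE reads indexes 1, 2, 3... and stops at the first gap,
    # so an entry placed after a gap is silently ignored.
    for i in range(1, index):
        if i not in active:
            return "unreachable", f"index {i} is missing, so {index} is never read"
    return "enabled", f"loaded as provider {index}"

# Constructed sample contents; the entries and their positions are illustrative.
SAMPLE_BEFORE = """\
security.provider.1=com.ibm.jsse.IBMJSSEProvider
security.provider.2=com.ibm.crypto.provider.IBMJCE
#security.provider.3=com.ibm.crypto.pkcs11.provider.IBMPKCS11
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("#security", "security")

if __name__ == "__main__":
    for name, text in (("before edit", SAMPLE_BEFORE), ("after edit", SAMPLE_AFTER)):
        print(name, *check_pkcs11_provider(text))
```

To check a real installation, pass the contents of the java.security file named above to check_pkcs11_provider.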
Why and when to perform this task
You can use the key management utility to open a cryptographic token. Once opened, you can manage your keys and certificates just like you do with keystore and truststore files:
Steps for this task
Result
All of the personal and signer certificates are stored on the cryptographic token card. With the token open, you can create or request digital certificates and receive CA-signed certificates.
What to do next
Use a cryptographic token device as a key database to manage keys and certificates for an SSL connection. Once the cryptographic token is open, you can add or delete keys and certificates. Configure the cryptographic token settings in WebSphere Application Server.
Related tasks
Configuring to use cryptographic tokens
Managing digital certificates
Related reference
Cryptographic token support