During an installation of IBM Tivoli Directory Server (TDS) I needed to use the iKeyman tool which was delivered with TDS. Unfortunately this version of the tool does not include the capability to support CMS keystores. In order to correct this you need to do the following steps:
- Edit the file /opt/IBM/ldap/V6.3/java/jre/lib/security/java.security
- Find the list of security providers in the file (lines starting with “security.provider.x=”)
- Add a new line “security.provider.x=com.ibm.security.cmskeystore.CMSProvider “
- (if the last line is security.provider.9=……. you need to specifiy “security.provider.10=…. etc.)
- Save the file and restart iKeyman
You now should be able to see “CMS” as the keystore type.