I had diffculties to configure TLS on IBM Tivoli Directory Server, because of the certificate manager provided with GSKit, that did not support .kdb files used by ITDS. Here is some information on how to configure GSKit to handle .kdb files, then how to use your newly created certificate with ITDS.