A public certificate and private key pair are used to encrypt packets being transmitted between a client and server. IBM stores the public certificate and private key in what is called a Key Database. The Key Database is a file that ends with the .kdb extension, such as ssl.kdb.

IBMs Global Security Kit (GSKit) command line tool is used to create the Key Database, and to view, export, add, and remove certificates and private keys from the Key Database. Or, the iKeyman GUI could be used instead.

When IHS is installed, version 8 of the GSKit command line tool will be included. By default, the GSKit command line tool is located at:

${install_root}/gsk8/bin/gsk8capicmd_64

When MQ is installed, version 8 of the GSKit command line tool will be included. By default, the GSKit command line tool is located at:

${install_root}/gskit8/bin/gsk8capicmd_64

PATH and LD_LIBRARY_PATH

The PATH and LD_LIBRARY_PATH variables will need to be updated to point to gsk8. One option is to manually update PATH and LD_LIBRARY_PATH before using the gsk command.

export LD_LIBRARY_PATH=/path/to/gsk8/lib64
export PATH=$PATH:/path/to/gsk8/bin

Another option is to update your .bash_profile file (Red Hat) with the following. The benefit to this option is that you wouldn't need to manually update PATH and LD_LIBRARY_PATH before using the gsk command.

LD_LIBRARY_PATH=/path/to/gsk8/lib64
PATH=$PATH:/path/to/gsk8/bin
export LD_LIBRARY_PATH
export PATH

• Create Key Database
• List certificates and private keys in a Key Database
• Display certificate details
• Create a self signed certificate
• Create a new private key
• Import a certificate
• Export a certificate and private key
• Delete a certificate
• Flag a certificate as the default certificate