FreeKB - IBM GSKit (Global Security Kit) command line tool on Linux - Getting Started
IBM GSKit (Global Security Kit) command line tool on Linux - Getting Started

Home > Search


A public certificate and private key pair are used to encrypt packets being transmitted between a client an IBM IHS web server. IBM stores the public certificate and private key in what is called a Key Database. The Key Database is a file that ends with the .kdb extension, and is typically located at ${ihs_home}/conf/example.kdb (Linux). IBMs Global Security Kit (GSKit) command line tool is used to create the Key Database, and to view, export, add, and remove certificates and private keys from the Key Database.

The purpose of this article is to describe how to use the GSKit command line tool. You will want to refer to this article to configure IHS to use SSL.

Be aware that there are a few different ways to create the public certificate and private key in the Key Database file.

  • Using the WebSphere deployment manager (dmgr)
  • Using the Global Security Key command line tool
  • Using iKeyman GUI

When you add a new web server to the dmgr, the Key Database file will automatically be created. The name of the Key Database file will be plugin-key.kdb. In the dmgr, select Security > SSL certificate and key management Key stores and certificates > CMSKeystore, and the location of the plugin-key.kdb file will be displayed.

You can copy the plugin-key.kdb file to the ${ihs_install_root}/conf directory of the IHS web server. Probably the easiest way to get this done is to select Servers > Server Types Web servers > your web server > Plug-in properties, and click on the Copy to Web server key store directory button.

 

When IHS is installed, the GSKit command line tool will also be installed. In this example, version 8 of GSKit is installed, and "gsk8capicmd_64" is the command line tool that is used to create a Key Database, and to view, export, add, and delete public certificates and private keys from a Key Database.

${ihs_install_root}/gsk8/bin/gsk8capicmd_64

 


PATH and LD_LIBRARY_PATH

The PATH and LD_LIBRARY_PATH variables will need to be updated to point to gsk8. One option is to manually update PATH and LD_LIBRARY_PATH before using the gsk command.

export LD_LIBRARY_PATH=/path/to/gsk8/lib64
export PATH=$PATH:/path/to/gsk8/bin

 

Another option is to update your .bash_profile file (Red Hat) with the following. The benefit to this option is that you wouldn't need to manually update PATH and LD_LIBRARY_PATH before using the gsk command.

LD_LIBRARY_PATH=/path/to/gsk8/lib64
PATH=$PATH:/path/to/gsk8/bin
export LD_LIBRARY_PATH
export PATH

 

 

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 2032b in the box below so that we can be sure you are a human.




Comments


December 28th, 2018 by Dave Charles
I didbut unfortunately, I am getting this error - gsk8capicmd_64: cannot execute binary file


December 31st, 2018 by Jeremy (moderator)
If you are getting "cannot execute binary file", I would probably ensure the gsk8capicmd_64 file has the x (execute permission). My gsk8capicmd_64 file has permissions -rwxr-xr-x.


January 1st, 2019 by Dave Charles
My permissions are same as yours : rwxr-xr-x My assumptions is that its a windows binary and hence non-functional on linux


January 1st, 2019 by Dave Charles
I dont know how a windows binary ended up in IHS


January 2nd, 2019 by Jeremy (moderator)
A Windows binary on a Linux system? That seems like all sorts of messed up. Not sure how that came to be. I do know that GSKit is included with IHS so if you installed IHS on Linux then GSKit should be the Linux flavor.