FreeKB - Import a certificate into a Key Database file
IBM Global Security Kit (GSKit) - Import a certificate into a Key Database file

This assumes you have reviewed Getting Started with IBM Global Security Kit (GSKit) and that you have created a key database.

You can use either the -add or -import options to add a certificate into the Key Database.

  • The -add option can be used when the certificate being added exists in a .cer, .crt, or .pem file. The certificate will be "trusted" in the kdb.
  • The -import option can be used when the certificate being added exists in a .p12 or .pfx file.  The certificate will be "personal" in the kdb.

IMPORTANT

When the objective is to update the KDB file to contain the certificate being used by the IHS web server for SSL, -import MUST be used. The -add option would set the certificate as "trusted" in the KDB file, whereas the -import option sets the certificate as "personal" in the KDB file. For IHS to be able to produce SSL/HTTPS web pages, the certificate being used for SSL must be "personal". The list option can be used to determine whether a certificate is "trusted" or "personal".

Additionally, when the objective is to update the KDB file to contain the certificate being used by the IHS web server for SSL, you typically want to flag the certificate being used for SSL as the default certificate in the KDB file. Technically, this is not required if the httpd.conf file has the "SSLServerCert" directive. Setting the certificate as "default" tells IHS to use the "default" certificate in the KDB file when "SSLServerCert" is not found in the httpd.conf file.

Add.

ihs_home/gsk8/bin/gsk8capicmd_64
-cert
-add
-file "source crt cer pem file"
-label "certificate name"
-db "key database kdb file"
-stashed or -target_pw "key database password"

Import - Notice the source password is not wrapped in double quotes. Wrapping the source password in double quotes can cause the import to fail.

ihs_home/gsk8/bin/gsk8capicmd_64
-cert
-import
-file "source p12 or pfx file"
-pw source password
-type "source file type - cms | kdb | pkcs7 | pkcs12 | p12"
-target "target file - cms | kdb | pkcs11 | pkcs12 | p12"
-target_pw "target file password" or -stashed
-target_type "target file type - cms | kdb | pkcs11 | pkcs12 | p12"
-label "certificate name in source file"
-new_label "certificate name - optional"
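
As an added example (not part of the original article and not IBM's tooling), the shell helper below applies the rule from the IMPORTANT note as a dry run: it prints the -add or -import command for a source file and refuses a .cer/.crt/.pem file when the certificate is meant to be the one IHS presents for SSL. The function names, the "server"/"trust" purpose values and the SOURCE_PASSWORD placeholder are assumptions; the flags are the ones shown above, with pkcs12 and cms picked from the listed types.

```shell
#!/bin/sh
# Added example: dry-run helper that prints the gsk8capicmd_64 command to run.
# kdb_role, kdb_cmd and the "server"/"trust" purposes are hypothetical names.
GSK=${GSK:-ihs_home/gsk8/bin/gsk8capicmd_64}   # path as written in the article

# kdb_role FILE: print how the certificate would land in the KDB.
kdb_role() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    *.cer|*.crt|*.pem) echo trusted ;;    # handled by -add
    *.p12|*.pfx)       echo personal ;;   # handled by -import
    *) return 1 ;;
  esac
}

# kdb_cmd PURPOSE FILE LABEL KDB
#   PURPOSE=server : the certificate IHS presents for SSL (must be personal)
#   PURPOSE=trust  : any other certificate being placed in the KDB
#   LABEL          : for -import, the certificate name in the source file
kdb_cmd() {
  purpose=$1 file=$2 label=$3 kdb=$4
  role=$(kdb_role "$file") || {
    echo "unsupported source file type: $file" >&2
    return 2
  }
  if [ "$purpose" = server ] && [ "$role" != personal ]; then
    echo "refusing: $file would be stored as trusted; use a .p12/.pfx with -import" >&2
    return 3
  fi
  if [ "$role" = personal ]; then
    # SOURCE_PASSWORD is a placeholder; type the real value without double quotes.
    printf '%s -cert -import -file "%s" -pw SOURCE_PASSWORD -type pkcs12' "$GSK" "$file"
    printf ' -target "%s" -stashed -target_type cms -label "%s"\n' "$kdb" "$label"
  else
    printf '%s -cert -add -file "%s" -label "%s" -db "%s" -stashed\n' \
      "$GSK" "$file" "$label" "$kdb"
  fi
}
```

For example, `kdb_cmd server site.p12 web key.kdb` prints an -import command, while `kdb_cmd server site.crt web key.kdb` exits with status 3 and prints nothing to run.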
