FreeKB - IBM Global Security Kit (GSKit) Export certificate private key from a Key Database file
IBM Global Security Kit (GSKit) - Export certificate private key from a Key Database file

Let's say you have a key database file named key.kdb.

ls -l /shared/qmgrs/MANAGER01/ssl/

-rw------- 1 root root 1415 Jun  4  2020 key.kdb

 

Let's say key.kdb contains a certificate named "example.com". Notice example.com is flagged as * (default) and - (personal). This is important. More on this in a moment. Read on.

Certificates found
* default, - personal, ! trusted, # secret key
*- example.com

 

There are two similiar flags that can be used, -extract and -export.

  • -export = This is used when you want to export the certificate into a PKCS12 file, such as example.com.p12
  • -extract = This is used when you want to extract the certificate into a .cer, .crt, or .pem file, such as example.com.cer

In this example, the example.com certificate is extracted into a file named example.com.p12.

${install_root}/gsk8/bin/gsk8capicmd_64
-cert
-export
-db /path/to/key.kdb
-stashed or -pw your_password
-label "example.com"
-target "example.com.p12"
-target_pw "any password"

 

To add the certificate to a key database file, the -import option must be used. When using -import, the certificate will be "personal" in the kdb, like this.

If you want the certificate to be "trusted", instead of using the -extract option, you will use the -export option and then the -add option.

Certificates found
* default, - personal, ! trusted, # secret key
- example.com

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 26ef7 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |