FreeKB - IBM Global Security Kit (GSKit) Extract a certificate from a Key Database file
IBM Global Security Kit (GSKit) - Extract a certificate from a Key Database file

Let's say you have a key database file named key.kdb.

ls -l /shared/qmgrs/MANAGER01/ssl/

-rw------- 1 root root 1415 Jun  4  2020 key.kdb

 

Let's say key.kdb contains a certificate named "example.com". Notice example.com is flagged as * (default) and - (personal). This is important. More on this in a moment. Read on.

Certificates found
* default, - personal, ! trusted, # secret key
*- example.com

 

The -extract option can be used to extract the example.com certificate from key.kdb. In this example, the example.com certificate is extracted into a file named example.com.crt.

${install_root}/gsk8/bin/gsk8capicmd_64
-cert
-extract
-db /path/to/key.kdb
-stashed or -pw your_password
-label "example.com"
-target "example.com.crt"

 

The example.com.crt file will have something like this, meaning the file only contains the public certificate.

-----BEGIN CERTIFICATE-----
lkdfjslfkalvkjaadvalvkjavlkjavlkjavlakvjal
alsdkvjasvkljavlakjvakvjalvkjalvkjavlkjavl
lavkjalvkjalvjavjaidjaosdvjiaosvjdoa
-----END CERTIFICATE-----

 

To add the certificate to a key database file, the -add option must be used. When using -add, the certificate will be "trusted" in the kdb, which is to say that the certificate will not be "personal", like this.

If you want the certificate to be "personal", instead of using the -extract option, you will use the -export option.

Certificates found
* default, - personal, ! trusted, # secret key
! example.com

 

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 472ac in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |