Home

 

Managing keys and certificates

 

To manage keys, certificates, and certificate requests, use one of the following:

The gsk7cmd command

The gsk7cmd command is available on UNIX systems only.

The gsk7cmd command provides functions that are similar to those of the iKeyman GUI, described in WebSphere MQ Security. The gsk7cmd command provides a shell script to run iKeycmd.

The runmqckm command

The runmqckm command is available on Windows systems only.

The runmqckm command provides functions that are similar to those of the iKeyman GUI, described in WebSphere MQ Security.

The gsk7capicmd command

The gsk7capicmd command is available on Windows and UNIX systems.

The gsk7capicmd command provides functions that are similar to those of the iKeyman GUI, described in WebSphere MQ Security. The gsk7capicmd command provides a shell script to run GSKCapiCmd. The command syntax for gsk7capicmd is the same as the syntax for runmqckm.

If we need to manage SSL certificates in a way that is FIPS and Common Criteria compliant, use the gsk7capicmd command instead of the gsk7cmd or runmqckm commands. This is because the gsk7capicmd command supports stronger encryption than the other commands.

Before you run gsk7capicmd on Windows, set your PATH environment variable to include the GSkit binary and library directories. For example, at the command line, enter: 

set PATH=%PATH%;C:\\IBM\gsk7\bin;C:\Program Files\IBM\gsk7\lib

Use the gsk7cmd, runmqckm, and gsk7capicmd commands to do the following:

Both the gsk7cmd and runmqckm commands execute an underlying WebSphere MQ component called iKeycmd. A default properties file, ikeycmd.properties, is provided as a sample file that we can modify.

The gsk7capicmd command executes an underlying WebSphere MQ component called GSKCapiCmd. There is no default properties file provided.

This chapter contains the following sections:

 

Parent topic:

WebSphere MQ control commands


fa16110_


 

Home