
gsk7cmd syntax

 


 


Overview

Syntax:

gsk7cmd.sh [-Dgsk7cmd.properties=my.properties] object action [options]


Examples

List Plugin password expiration:

cd $IHS_HOME
./bin/gsk7cmd -keydb -expiry -db ./Plugins/config/webserver1/plugin-key.kdb

Set the key database password, stash it, and set the password expiration to two years from today:

cd $IHS_HOME
./bin/gsk7cmd -keydb -changepw -db ./Plugins/config/webserver1/plugin-key.kdb -new_pw WebAS -expire 730 -stash

Create a CMS key database:

cd $IHS_HOME
gsk7cmd -keydb -create -db keydb2.kdb -pw password -type cms -expire 180 -stash

Invoke gsk7cmd as a Java class (general form):

$JAVA_HOME/bin/java [-Dgsk7cmd.properties=my.properties] com.ibm.gsk.ikeyman.gsk7cmd object action [options]

 

Objects and actions

Object      Action        Description
-keydb      -changepw     Change the password for a key database
            -convert      Convert a key database from one format to another
            -create       Create a key database
            -delete       Delete the key database
            -stashpw      Stash the password of a key database into a file
-cert       -add          Add a CA certificate from a file into a key database
            -create       Create a self-signed certificate
            -delete       Delete a CA certificate
            -export       Export a personal certificate and its associated private key from a key database into a PKCS#12 file, or to another key database
            -extract      Extract a certificate from a key database
            -getdefault   Get the default personal certificate
            -import       Import a certificate from a key database or PKCS#12 file
            -list         List all certificates
            -modify       Modify a certificate. (Currently the only field you can modify is the Certificate trust field)
            -receive      Receive a certificate from a file into a key database
            -setdefault   Set the default personal certificate
            -sign         Sign a certificate stored in a file with a certificate stored in a key database and store the resulting signed certificate in a file
-certreq    -create       Create a certificate request
            -delete       Delete a certificate request from a certificate request database
            -details      List the detailed information of a specific certificate request
            -extract      Extract a certificate request from a certificate request database into a file
            -list         List all certificate requests in the certificate request database
            -recreate     Recreate a certificate request
-help                     Display help information for the gsk7cmd command
-version                  Display gsk7cmd version information

 

gsk7cmd options

Option          Description
-db             Fully qualified path name of a key database
-default_cert   Sets a certificate to use as the default certificate for client authentication (yes or no). Default is no.
-dn             X.500 distinguished name. Input as a quoted string of the following format (only CN, O, and C are required):
                "CN=Jane Doe,O=IBM,OU=Java Development,L=Endicott, ST=NY,ZIP=13760,C=country"
-encryption     Strength of encryption used in certificate export command (strong or weak). Default is strong.
-expire         Expiration time of either a certificate or a database password (in days). Defaults are: 365 days for a certificate and 60 days for a database password.
-file           File name of a certificate or certificate request (depending on specified object).
-format         Format of a certificate:
                  • ASCII for Base64-encoded ASCII
                  • binary for Binary DER data
                Default is ASCII.
-label          Label attached to a certificate or certificate request
-new_format     New format of key database
-new_pw         New database password
-old_format     Old format of key database
-pw             Password for the key database or PKCS#12 file.
-size           Key size (512 or 1024). Default is 1024.
-stash          Indicator to stash the key database password to a file. If specified, the password will be stashed in a file.
-target         Destination file or database
-target_pw      Password for the key database if -target specifies a key database.
-target_type    Type of database specified by -target operand (see -type)
-trust          Trust status of a CA certificate (enable or disable). Default is enable.
-type           Type of database. Allowable values are:
                  CMS       CMS key database
                  webdb     keyring
                  sslight   SSLight .class
                  pkcs12    PKCS#12 file
-x509version    Version of X.509 certificate to create (1, 2 or 3). Default is 3.

 

Configure SSL between browser and web server

  1. On the web server machine, create the directory:

    d:/IBM/HTTPServer/conf/keys

  2. Create a key database and a self-signed certificate in it:

    cd d:/IBM/HTTPServer/conf/keys

    gsk7cmd -keydb -create -db clientdkey.kdb -pw password -type cms -expire 360 -stash

    gsk7cmd -cert -create -db clientdkey.kdb -pw password -size 1024 -dn "CN=hostname,O=clientd,OU=IBM HTTP Server,ST=OH,C=US" -label HTTPCert -default_cert yes -expire 360

  3. Edit...

    IHS_HOME/conf/httpd.conf

    ...and add the following lines to the bottom of the file:

    LoadModule  ibm_ssl_module   modules/mod_ibm_ssl.so
    Listen 443
    <VirtualHost  Fully.Qualified.Host.Name:443>
        ServerName  Fully.Qualified.Host.Name
        DocumentRoot d:\ibm\HTTPServer\htdocs
        SSLEnable
        SSLClientAuth  required
    </VirtualHost>
    SSLDisable
    Keyfile d:/ibm/HTTPServer/conf/keys/clientdkey.kdb
    

  4. Cycle the web server and test your connection using https
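
The Keyfile directive in step 3 points at a key database whose password was written to disk by -stash in step 2. As an added example (not part of the original page or of IBM's tooling), the script below reads the Keyfile path from an httpd.conf and reports whether the key database or its stash file is missing or readable beyond the owner. It assumes the stash file sits beside the database with the same base name and a .sth extension, and that the Keyfile path is unquoted; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the key files behind an IHS Keyfile directive.
# Assumption: the stash file written by -stash sits beside the key
# database with the same base name and a .sth extension.

# Print the path from the first uncommented Keyfile directive.
# Assumption: the path is unquoted and contains no spaces.
keyfile_from_conf() {
    awk 'tolower($1) == "keyfile" { print $2; exit }' "$1"
}

# Return 0 if the file exists and grants nothing to group or other.
owner_only() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Audit one httpd.conf: print one finding per line, return 1 on any finding.
audit_keyfile() {
    conf=$1
    rc=0
    kdb=$(keyfile_from_conf "$conf")
    if [ -z "$kdb" ]; then
        echo "no Keyfile directive in $conf"
        return 1
    fi
    sth="${kdb%.kdb}.sth"
    for f in "$kdb" "$sth"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"
            rc=1
        elif ! owner_only "$f"; then
            echo "readable beyond owner: $f"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: pass the path to httpd.conf as the first argument.
if [ -n "${1:-}" ]; then
    audit_keyfile "$1"
fi
```

The permission check is for POSIX file modes; on a Windows install such as the d:/ibm paths above, review the ACLs on the same two files instead.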


 
