SSL Commands using GSK
======================
export PATH=/opt/IBMJava/bin:/usr/local/ibm/gsk7/bin:$PATH
export
CLASSPATH=/usr/local/ibm/gsk7/classes/cfwk.zip:/usr/local/ibm /gsk7/classes/gsk7cls.jar:$CLASSPATH
Any GSK cmd can be executed using:
==================================
java com.ibm.gsk.ikeyman.ikeycmd command
Creating a new key DB with password:
====================================
gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms | jks |
jceks | pks12> -expire <days> -stash
Creating a new key DB without the password:
===========================================
gsk7cmd -keydb -create -db <filename> -type <cms | jks | jceks | pks12>
Changing the password: (stashing the passwords are done for the cms
database only)
======================
gsk7cmd -keydb -changepw -db <filename>.kdb -pw <password> -new_pw
<new_password> -expire <days> -stash
Displaying the expiry dates of the certs:(for the cms database only…value
of ‘0’ means the password is not expiring)
=========================================
gsk7cmd -keydb -expiry -db filename.kdb -pw password
Listing all the certs:
======================
gsk7cmd -cert -list <CA | personal> -db <kdb-file> -pw <password> -type
<cms | jks | jceks | pks12>
Exporting the keys from one DB to another:
==========================================
gsk7cmd -cert -export -db <filename> -pw <password> -label <label> -type
<cms | jks | jceks | pkcs12> -target <filename> -target_pw <password>
-target_type <cms | jks | jceks | pkcs12>
Importing the certs from one DB to another:
===========================================
gsk7cmd -cert -import -db|-file <filename> -pw <password> -label <label>]
[> -type <cms | JKS | JCEKS | pkcs12> -new_label <label> -target <filename>
-target_pw <password> -target_type <cms | JKS | JCEKS | pkcs12>[ ]-pfx]
Receiving the CA signed cert:
=============================
gsk7cmd -cert -receive -file <filename> -db <filename> -pw <password>
-format <ascii | binary> -label <label> -default_cert <yes | no>
Default key in the DB:
======================
gsk7cmd -cert -getdefault -db <dbname> -pw <password>
Listing the expired certs:
==========================
gsk7cmd -cert -list -expiry <days> -db <filename> -pw <paswsword> -type
<type>
Showing the entire cert:
========================
gsk7cmd -cert -details -showOID -db <filename> -pw <password> -label
<label>
Storing a CA cert:
==================
gsk7cmd -cert -details -showOID -db <filename> -pw <password> -label
<label>
Create a CMS DB and stash the password:
=======================================
gsk7cmd -keydb -create -db <path_to_db>/<db_name> -pw <password> -type cms
-expire <days> -stash
To store the password after a CMS database has been created:
============================================================
gsk7cmd -keydb -stashpw -db <db_name> -pw <password>
Command line invocation for the CMS database:
=============================================
gsk7cmd -keydb -changepw -db <filename> -pw <password> -new_pw
<new_password> -stash -expire <days>
gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms> -expire
<days> -stash
gsk7cmd -keydb -stashpw -db <filename> -pw <password>
gsk7cmd -cert -getdefault -db <filename> -pw <password>
gsk7cmd -cert -modify -db <filename> -pw <password> -label <label> -trust
<enable | disable>
gsk7cmd -cert -setdefault -db <filename> -pw <password> -label <label>
LAZ commands:
=============
Removing cert using gsk7cmd (personal or CA)
gsk7cmd -cert -delete -db <kdb-file> -pw <password> -label <label>
Importing Personal using gsk7cmd
gsk7cmd -cert -import -file <name> -type pkcs12 -target <kdb file>
-target_pw <passwd>] -target_type <cms | jks | jceks | pkcs12>
Importing CA using gsk7cmd
gsk7cmd -cert -add -db <kdb-file> -pw <passwd> -type <cms | jks | jceks |
pkcs12> -label <label> -file <name>
Exporting Personal to pcks12 file using gsk7cmd
gsk7cmd -cert -export -db <kdb-file> -pw <password> -label <label> -type
<cms | pkcs12> -target <filename> -target_pw <password for the filename>
-target_type <cms | pkcs12>
Exporting CA to arm file using gsk7cmd
gsk7cmd -cert -extract -db <kdb-file> -pw <password> -label <label> -target
<filename> -format ascii
Listing using gsk7cmd
gsk7cmd -cert -list <CA | personal> -db <kdb-file> -pw <password>
Listing Details using gsk7cmd
gsk7cmd -cert -details -db <kdb-file> -pw <password> -label <label>
creating the cert:
gsk7cmd -cert -create -db <filename> -pw <password> -label <label> -dn
<distinguished_name> -size <1024 | 512 | 2048> -x509version <3 | 1 | 2>
-expire <days> -san_dnsname <DNS name value>[,<DNS name value>]
–san_emailaddr <email address value>[,<email address value>] –san_ipaddr
<IP address value>[,<IP address value>]
Recent Comments