May 2024
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Categories

May 2024
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
«  
  »

gsk7cmd

SSL Commands using GSK

======================
export PATH=/opt/IBMJava/bin:/usr/local/ibm/gsk7/bin:$PATH
export
CLASSPATH=/usr/local/ibm/gsk7/classes/cfwk.zip:/usr/local/ibm /gsk7/classes/gsk7cls.jar:$CLASSPATH

Any GSK cmd can be executed using:
==================================
java com.ibm.gsk.ikeyman.ikeycmd command

Creating a new key DB with password:
====================================
gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms | jks |
jceks | pks12> -expire <days> -stash

Creating a new key DB without the password:
===========================================
gsk7cmd -keydb -create -db <filename> -type <cms | jks | jceks | pks12>

Changing the password: (stashing the passwords are done for the cms
database only)
======================
gsk7cmd -keydb -changepw -db <filename>.kdb -pw <password> -new_pw
<new_password> -expire <days> -stash

Displaying the expiry dates of the certs:(for the cms database only…value
of ‘0’ means the password is not expiring)
=========================================
gsk7cmd -keydb -expiry -db filename.kdb -pw password

Listing all the certs:
======================
gsk7cmd -cert -list <CA | personal> -db <kdb-file> -pw <password> -type
<cms | jks | jceks | pks12>

Exporting the keys from one DB to another:
==========================================
gsk7cmd -cert -export -db <filename> -pw <password> -label <label> -type
<cms | jks | jceks | pkcs12> -target <filename> -target_pw <password>
-target_type <cms | jks | jceks | pkcs12>

Importing the certs from one DB to another:
===========================================
gsk7cmd -cert -import -db|-file <filename> -pw <password> -label <label>]
[> -type <cms | JKS | JCEKS | pkcs12> -new_label <label> -target <filename>
-target_pw <password> -target_type <cms | JKS | JCEKS | pkcs12>[ ]-pfx]

Receiving the CA signed cert:
=============================
gsk7cmd -cert -receive -file <filename> -db <filename> -pw <password>
-format <ascii | binary> -label <label> -default_cert <yes | no>

Default key in the DB:
======================
gsk7cmd -cert -getdefault -db <dbname> -pw <password>

Listing the expired certs:
==========================
gsk7cmd -cert -list -expiry <days> -db <filename> -pw <paswsword> -type
<type>

Showing the entire cert:
========================
gsk7cmd -cert -details -showOID -db <filename> -pw <password> -label
<label>

Storing a CA cert:
==================
gsk7cmd -cert -details -showOID -db <filename> -pw <password> -label
<label>

Create a CMS DB and stash the password:
=======================================
gsk7cmd -keydb -create -db <path_to_db>/<db_name> -pw <password> -type cms
-expire <days> -stash

To store the password after a CMS database has been created:
============================================================
gsk7cmd -keydb -stashpw -db <db_name> -pw <password>

Command line invocation for the CMS database:
=============================================
gsk7cmd -keydb -changepw -db <filename> -pw <password> -new_pw
<new_password> -stash -expire <days>

gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms> -expire
<days> -stash

gsk7cmd -keydb -stashpw -db <filename> -pw <password>

gsk7cmd -cert -getdefault -db <filename> -pw <password>

gsk7cmd -cert -modify -db <filename> -pw <password> -label <label> -trust
<enable | disable>

gsk7cmd -cert -setdefault -db <filename> -pw <password> -label <label>

LAZ commands:
=============
Removing cert using gsk7cmd (personal or CA)
gsk7cmd -cert -delete -db <kdb-file> -pw <password> -label <label>

Importing Personal using gsk7cmd
gsk7cmd -cert -import -file <name> -type pkcs12 -target <kdb file>
-target_pw <passwd>] -target_type <cms | jks | jceks | pkcs12>

Importing CA using gsk7cmd
gsk7cmd -cert -add -db <kdb-file> -pw <passwd> -type <cms | jks | jceks |
pkcs12> -label <label> -file <name>

Exporting Personal to pcks12 file using gsk7cmd
gsk7cmd -cert -export -db <kdb-file> -pw <password> -label <label> -type
<cms | pkcs12> -target <filename> -target_pw <password for the filename>
-target_type <cms | pkcs12>

Exporting CA to arm file using gsk7cmd
gsk7cmd -cert -extract -db <kdb-file> -pw <password> -label <label> -target
<filename> -format ascii

Listing using gsk7cmd
gsk7cmd -cert -list <CA | personal> -db <kdb-file> -pw <password>

Listing Details using gsk7cmd
gsk7cmd -cert -details -db <kdb-file> -pw <password> -label <label>

creating the cert:
gsk7cmd -cert -create -db <filename> -pw <password> -label <label> -dn
<distinguished_name> -size <1024 | 512 | 2048> -x509version <3 | 1 | 2>
-expire <days> -san_dnsname <DNS name value>[,<DNS name value>]
–san_emailaddr <email address value>[,<email address value>] –san_ipaddr
<IP address value>[,<IP address value>]

August 16th, 2015 | Category: Websphere

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>