The following instructions will guide you to create csr and import the signed crt in the default kdb of IHS.
Step 1: Finding the Kdb
Step 2: Creation of Csr
Step 3: Certificate request
Step 4: Importing the server certificate
Following command will import the server certificate to the kdb file.
Save the certificate file received from the signing authority as server.crt and execute the following command.
gskcmd -cert -receive -file server.crt -db /opt/IHS/SSL/key.kdb -pw WebAS -label servercertificate -format ascii
This command will import the server certificate.
Step 5: Set the server certificate to default
Following command will make the server certificate as default. When you access the https protocol of the website, The default certificate will be choosen.
gskcmd -cert -setdefault -label servercertificate -db /opt/IBM/HTTPServer/SSL/key.kdb
Step 6: Importing the CA/Intermediate certificate
Along with the server certificate, The signing authority will send the intermediate certificate, This certificate has to be imported to prevent the ssl handshake errors.
Save the Intermediate certificate as rootCAcertificate.crt and execute the following command.
gskcmd -cert -add -file rootCAcertificate.crt -db /opt/IHS/SSL/key.kdb -label primaryCA -pw WebAS -format ascii
Step 7: Populate the certificates
Now add the kdb path in the httpd.conf in ssl module tags and restart the apache server with -DSSL option.
Basic commands of gskcmd to check the certificates:
List the certificates : ./gskcmd -cert -list -db /opt/IHS/SSL/key.kdb
Check the details of the certificates:
./gskcmd -certreq -details -label labelname -db /opt/IHS/SSL/key.kdb
./gskcmd -cert -details -label labelname -db /opt/IHS/SSL/key.kdb
Delete a certificate : ./gskcmd -cert -delete -label labelname -db /opt/IHS/SSL/key.kdb
Extract a certificate : ./gskcmd -cert -extract -db certificate.jks -label labelname -target test_myne.cer -type jks
Date and Time stamp] [error] [client ip] [ds0] [789] SSL0223E: SSL Handshake Failed, No certificate.
./gskcmd -cert -list -db /opt/IHS/SSL/key.kdb
-> Even after this you see the error, Make the certificate as default using the following command.
Now a quick restart of the apache server should resolve the issue.
Recent Comments