{"id":5139,"date":"2015-08-16T20:19:24","date_gmt":"2015-08-16T12:19:24","guid":{"rendered":"http:\/\/rmohan.com\/?p=5139"},"modified":"2015-08-16T20:21:22","modified_gmt":"2015-08-16T12:21:22","slug":"gsk7cmd","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5139","title":{"rendered":"gsk7cmd"},"content":{"rendered":"

SSL Commands using GSK<\/p>\n

======================
\nexport PATH=\/opt\/IBMJava\/bin:\/usr\/local\/ibm\/gsk7\/bin:$PATH
\nexport
\nCLASSPATH=\/usr\/local\/ibm\/gsk7\/classes\/cfwk.zip:\/usr\/local\/ibm \/gsk7\/classes\/gsk7cls.jar:$CLASSPATH<\/p>\n

Any GSK cmd can be executed using:
\n==================================
\njava com.ibm.gsk.ikeyman.ikeycmd command<\/p>\n

Creating a new key DB with password:
\n====================================
\ngsk7cmd -keydb -create -db <filename> -pw <password> -type <cms | jks |
\njceks | pks12> -expire <days> -stash<\/p>\n

Creating a new key DB without the password:
\n===========================================
\ngsk7cmd -keydb -create -db <filename> -type <cms | jks | jceks | pks12><\/p>\n

Changing the password: (stashing the passwords are done for the cms
\ndatabase only)
\n======================
\ngsk7cmd -keydb -changepw -db <filename>.kdb -pw <password> -new_pw
\n<new_password> -expire <days> -stash<\/p>\n

Displaying the expiry dates of the certs:(for the cms database only…value
\nof ‘0’ means the password is not expiring)
\n=========================================
\ngsk7cmd -keydb -expiry -db filename.kdb -pw password<\/p>\n

Listing all the certs:
\n======================
\ngsk7cmd -cert -list <CA | personal> -db <kdb-file> -pw <password> -type
\n<cms | jks | jceks | pks12><\/p>\n

Exporting the keys from one DB to another:
\n==========================================
\ngsk7cmd -cert -export -db <filename> -pw <password> -label <label> -type
\n<cms | jks | jceks | pkcs12> -target <filename> -target_pw <password>
\n-target_type <cms | jks | jceks | pkcs12><\/p>\n

Importing the certs from one DB to another:
\n===========================================
\ngsk7cmd -cert -import -db|-file <filename> -pw <password> -label <label>]
\n[> -type <cms | JKS | JCEKS | pkcs12> -new_label <label> -target <filename>
\n-target_pw <password> -target_type <cms | JKS | JCEKS | pkcs12>[ ]-pfx]<\/p>\n

Receiving the CA signed cert:
\n=============================
\ngsk7cmd -cert -receive -file <filename> -db <filename> -pw <password>
\n-format <ascii | binary> -label <label> -default_cert <yes | no><\/p>\n

Default key in the DB:
\n======================
\ngsk7cmd -cert -getdefault -db <dbname> -pw <password><\/p>\n

Listing the expired certs:
\n==========================
\ngsk7cmd -cert -list -expiry <days> -db <filename> -pw <paswsword> -type
\n<type><\/p>\n

Showing the entire cert:
\n========================
\ngsk7cmd -cert -details -showOID -db <filename> -pw <password> -label
\n<label><\/p>\n

Storing a CA cert:
\n==================
\ngsk7cmd -cert -details -showOID -db <filename> -pw <password> -label
\n<label><\/p>\n

Create a CMS DB and stash the password:
\n=======================================
\ngsk7cmd -keydb -create -db <path_to_db>\/<db_name> -pw <password> -type cms
\n-expire <days> -stash<\/p>\n

To store the password after a CMS database has been created:
\n============================================================
\ngsk7cmd -keydb -stashpw -db <db_name> -pw <password><\/p>\n

Command line invocation for the CMS database:
\n=============================================
\ngsk7cmd -keydb -changepw -db <filename> -pw <password> -new_pw
\n<new_password> -stash -expire <days><\/p>\n

gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms> -expire
\n<days> -stash<\/p>\n

gsk7cmd -keydb -stashpw -db <filename> -pw <password><\/p>\n

gsk7cmd -cert -getdefault -db <filename> -pw <password><\/p>\n

gsk7cmd -cert -modify -db <filename> -pw <password> -label <label> -trust
\n<enable | disable><\/p>\n

gsk7cmd -cert -setdefault -db <filename> -pw <password> -label <label><\/p>\n

LAZ commands:
\n=============
\nRemoving cert using gsk7cmd (personal or CA)
\ngsk7cmd -cert -delete -db <kdb-file> -pw <password> -label <label><\/p>\n

Importing Personal using gsk7cmd
\ngsk7cmd -cert -import -file <name> -type pkcs12 -target <kdb file>
\n-target_pw <passwd>] -target_type <cms | jks | jceks | pkcs12><\/p>\n

Importing CA using gsk7cmd
\ngsk7cmd -cert -add -db <kdb-file> -pw <passwd> -type <cms | jks | jceks |
\npkcs12> -label <label> -file <name><\/p>\n

Exporting Personal to pcks12 file using gsk7cmd
\ngsk7cmd -cert -export -db <kdb-file> -pw <password> -label <label> -type
\n<cms | pkcs12> -target <filename> -target_pw <password for the filename>
\n-target_type <cms | pkcs12><\/p>\n

Exporting CA to arm file using gsk7cmd
\ngsk7cmd -cert -extract -db <kdb-file> -pw <password> -label <label> -target
\n<filename> -format ascii<\/p>\n

Listing using gsk7cmd
\ngsk7cmd -cert -list <CA | personal> -db <kdb-file> -pw <password><\/p>\n

Listing Details using gsk7cmd
\ngsk7cmd -cert -details -db <kdb-file> -pw <password> -label <label><\/p>\n

creating the cert:
\ngsk7cmd -cert -create -db <filename> -pw <password> -label <label> -dn
\n<distinguished_name> -size <1024 | 512 | 2048> -x509version <3 | 1 | 2>
\n-expire <days> -san_dnsname <DNS name value>[,<DNS name value>]
\n\u2013san_emailaddr <email address value>[,<email address value>] \u2013san_ipaddr
\n<IP address value>[,<IP address value>]<\/p>\n","protected":false},"excerpt":{"rendered":"

SSL Commands using GSK<\/p>\n

====================== export PATH=\/opt\/IBMJava\/bin:\/usr\/local\/ibm\/gsk7\/bin:$PATH export CLASSPATH=\/usr\/local\/ibm\/gsk7\/classes\/cfwk.zip:\/usr\/local\/ibm \/gsk7\/classes\/gsk7cls.jar:$CLASSPATH<\/p>\n

Any GSK cmd can be executed using: ================================== java com.ibm.gsk.ikeyman.ikeycmd command<\/p>\n

Creating a new key DB with password: ==================================== gsk7cmd -keydb -create -db <filename> -pw <password> -type <cms | jks | jceks | pks12> -expire <days> -stash<\/p>\n

Creating a new key DB without the password: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5139"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5139"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5139\/revisions"}],"predecessor-version":[{"id":5140,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5139\/revisions\/5140"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}