IBM HTTP Server

SSL – Certificates

Command line setup for managing SSL Keys

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ihs.doc/info/ihs/ihs/tihs_gsk7cmd.html

Script to capture the stash password

https://wiki.ppsinfotech.com/img_auth.php/d/d9/Unstash.txt

(Needs to be renamed to unstash.pl and run as perl unstash.pl <location of related stash file>

Be sure to set JAVA_HOME to the jre that is in the IHS directory

export JAVA_HOME=/opt/tst61/HTTPServer/java/jre

To list certificates in a particuler key.kdb directory

/opt/tst61/HTTPServer/./GSKitImage/gsk7bas/gsk7bas/gsk7bas/opt/ibm/gsk7/bin/gsk7cmd -cert -list -db /opt/tst61/HTTPServer/ssl/key.kdb -pw was50

To recieve a personal certificate that was generated by a CA. To recieve this the key.kdb will need to hold the original certificate request

/opt/dev61/HTTPServer/./GSKitImage/gsk7bas/gsk7bas/gsk7bas/opt/ibm/gsk7/bin/gsk7cmd -cert -receive -file /home/ppsrxw/dev.esb.fsa.ed.gov.crt -db /opt/dev61/HTTPServer/ssl/key.kdb -pw was50

To add a paticuler cert to the trusted CA list and call the label ESB_Dev

/opt/tst61/HTTPServer/GSKitImage/gsk7bas/gsk7bas/gsk7bas/opt/ibm/gsk7/bin/gsk7cmd -cert -add -file /home/ppsjxg/test-esb.vdc.ed.gov-sscert.pem -label ESB_Dev -db /opt/tst61/HTTPServer/ssl/key.kdb -pw was50

To Extract the public key for a particuler cert

/opt/dev61/HTTPServer/GSKitImage/gsk7bas/gsk7bas/gsk7bas/opt/ibm/gsk7/bin/gsk7cmd -cert -extract -db /opt/dev61/HTTPServer/ssl/key.kdb -pw was50 -label teach-dev1 -target /home/wasadmin/devStudentLoans.ws.cer -format ascii

To Create a self signed Cert for a particuler site (Using the sites domain name as label and common name)

./gsk7cmd -cert -create -db /opt/dev61/HTTPServer/ssl/key.kdb -pw was50 -label dev.studentloans.ws.ed.gov -dn “CN=dev.studentloans.ws.ed.gov, O=FSA, OU=ITA, C=USA” -expire 999
To export the entire certificate, including the private key, into a pkcs12 file.

./gsk7cmd -cert -export -db /opt/dev61/HTTPServer/ssl/key.kdb -pw was50 -label dev.cod.tsysecom.com -target ~wasadmin/dev.cod.tsyse.com.p12 -target_type pkcs12
Extract the certificate will only extract the public key, while exporting it will export the private key

Leave a comment