Sometimes one is not allowed to use graphical commands in a Linux environment so that you cannot use the “ikeyman” tool to create keyfiles for IBM HTTP Server and import SSL certificates to it. In this article I document the commands to do these tasks from the Linux command line:
Create a key file
/opt/IBM/HTTPServer/bin/gskcmd -keydb -create -db "/opt/IBM/HTTPServer/ssl/key.kdb" -pw demodemo -type cms -expire 3600 -stash
List certificates in a key file
/opt/IBM/HTTPServer/bin/gskcmd -cert -list -db "/opt/IBM/HTTPServer/ssl/key.kdb" -pw myKeyFilePassword -type cms
Import a PKCS12 certificate to a key file
/opt/IBM/HTTPServer/bin/gskcmd -cert -import -db "/opt/IBM/HTTPServer/ssl/mycertificate.p12" -pw myCertificatePassword -label myLabel -type pkcs12 -new_label myLabel -target "/opt/IBM/HTTPServer/ssl/key.kdb" -target_pw myKeyFilePassword -target_type cms
Show the default certificate
/opt/IBM/HTTPServer/bin/gskcmd -cert -getdefault -db "/opt/IBM/HTTPServer/ssl/key.kdb" -pw myKeyFilePassword -type cms
Set the default certificate
/opt/IBM/HTTPServer/bin/gskcmd -cert -setdefault -db "/opt/IBM/HTTPServer/ssl/key.kdb" -pw myKeyFilePassword -type cms -label myLabel