Monday, February 20, 2012

Create Self Signed Cert using IBM Global Security Kit (GSKIT)

Scope: Using this document, you can create a self-signed certificate that can be used to set up SSL on IBM HTTP Server (IHS) and many other IBM products. The document takes a practical approach with detailed steps. IBM GSKit has both graphical and text-based tools to manage certificates and key databases, and this document covers both options. I will update this document to include any special instructions for other versions.

Product and Versions:
* IBM GSKit 7.x
* AIX Platform.
* Windows Platform.

Acronyms:
* GSKit - IBM GSKit
* SSL - Secure Sockets Layer
* KDB - Key Database.

Assumptions:

* IBM GSKit has been installed on AIX or Windows.

Option One: Using Command line tools / Utilities.

Step 1: Log in to the AIX or Windows machine where GSKit is installed.

Step 2: Open a command prompt on Windows or log in to a shell on AIX.

Step 3: Create a KDB of type CMS by running the command below.

gsk7cmd -keydb -create -db [Key Database file Name] -pw [password] -type cms -stash

Example:
gsk7cmd -keydb -create -db example.com.kdb -pw somepassword -type cms -stash

Note: Make sure the gsk7ikm and java commands are on the PATH and that the JAVA_HOME variable points to the Java installation location.


Step 4: Create a self signed certificate.

gsk7cmd -cert -create -db [KDB file name and path] -pw [password] -type cms -label [unique label within the kdb file] -dn "cn=[domain name]" -size 2048 -default_cert no

Example:
gsk7cmd -cert -create -db example.com.kdb -pw somepassword -type cms -label example.com -dn "cn=example.com" -size 2048 -default_cert no
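
Because Step 3 uses -stash, the KDB password is stored in a file next to the key database, so any account that can read both files can open the KDB and the private key created in Step 4. The script below is an added example (not part of the original post) that audits and tightens the permissions of those files from an AIX or other POSIX shell; the function names and the .sth/.rdb/.crl companion suffixes are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit and tighten file
# permissions on a CMS key database created with -stash.
# Assumption: the companion files share the .kdb base name and use the
# suffixes .sth (stashed password), .rdb and .crl.

# Print each KDB file that group or others can access.
# Returns 0 if all are private, 1 if any is exposed, 2 if no .kdb exists.
audit_kdb() {
    base=${1%.kdb}
    if [ ! -f "$base.kdb" ]; then
        echo "no key database at $base.kdb" >&2
        return 2
    fi
    rc=0
    for ext in kdb sth rdb crl; do
        f=$base.$ext
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "EXPOSED $f"
            rc=1
        fi
    done
    return $rc
}

# Restrict every existing KDB file to its owner (mode 600).
harden_kdb() {
    base=${1%.kdb}
    for ext in kdb sth rdb crl; do
        if [ -f "$base.$ext" ]; then
            chmod 600 "$base.$ext"
        fi
    done
}

# Usage: sh kdb_perms.sh example.com.kdb
if [ "$#" -ge 1 ]; then
    audit_kdb "$1" || { [ "$?" -eq 1 ] && harden_kdb "$1" && audit_kdb "$1"; }
fi
```

The files should be owned by the account that needs to open the key database; running `umask 077` before the gsk7cmd commands creates them private from the start.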

Option Two: Using Graphical user interface.

Step 1: Log in to the AIX or Windows machine where GSKit is installed.

Step 2: Open a command prompt on Windows or log in to a shell on AIX.
Note: For AIX, you need an X server running locally (on your desktop), and you export the display from AIX to your machine.

Step 3: Launch the IBM GSKit Key Management Tool.

On AIX: Run the 'gsk7ikm' command.

On Windows: Start the IBM Key Management tool from Windows Start -> Programs -> IBM GSKIT -> IBM Key Management

Note: Make sure the gsk7ikm and java commands are on the PATH and that the JAVA_HOME variable points to the Java installation location.

Step 4: Create a KDB of type CMS.
  a) Click on the "Key Database File" menu and select "New".


  b) Select "CMS" as the Key Database Type, enter the KDB file name and the path where the file is to be created, and click "OK".


  c) Enter the "password" and "confirm password", enable the "stash the password to file" option, and click "OK".


Step 5: Create a Self Signed certificate.


   a) Select "Personal Certificates" from the list and click on the "New Self Signed" button.


   b) Enter the unique "Key Label" and "Common name" and click "OK".


   c) A new self-signed certificate with the label 'example.com' has been created and is now listed.


    e) Exit from the gsk7ikm utility.


Summary: In this how-to, you created a key database file of type "CMS" and a self-signed certificate named example.com. When you create a self-signed certificate, a key is generated and the certificate is signed by that same key. You can use this self-signed certificate to enable SSL on IHS and many other IBM products.


Comments welcome!!
