Import a certificate of a key database that is created
with an earlier version of GSKCapiCmd commands
to another key database with a later version of GSKCapiCmd commands.
Before you begin
To export a certificate from a source computer and to import
the certificate on a target computer, the following conditions must
be met:
- The source computer must contain an earlier version of IBM® Global Security Kit (GSKit).
- The target computer must contain a later version of IBM Global Security Kit. IBM Security
Directory Server,
version 6.3.1 requires IBM Global Security Kit,
version 8.0.14.26 or later.
About this task
If you have a valid key database file with a certificate created with an earlier version of
GSKCapiCmd commands, export the certificate to a target computer.
Reuse the certificate with a key database file created with later version of
GSKCapiCmd commands to resolve compatibility issues with later version of
IBM Global Security Kit.
Procedure
- Log in as a directory server instance owner to the computer
that contains an earlier version GSKit. For example, GSKit, version
7.
- To create a CMS key database, run the
following command:
Note: If your computer contains 32-bit
GSKit, use the gsk7capicmd command. If your computer
contains 64-bit GSKit, use the gsk7capicmd_64 command.
gsk7capicmd -keydb -create -db source.kdb -pw myPwd123 -type cms
-expire 1000 -stash -fips
- To create a self-signed certificate with a key size of 2048 and
a hashing algorithm of sha384, run the following
command:
gsk7capicmd -cert -create -db source.kdb -pw myPwd123 -label testlabel
-dn "cn=LDAP_Server.com,ou=myDept,o=sample" -size 2048 -fips
-sigalg sha384 -expire 1000
- To export a certificate with a specific label from a CMS key
database to another CMS key database in /transfer/ directory,
run the following command:
gsk7capicmd -cert -export -db source.kdb -pw myPwd123 -label testlabel -type cms
-target /transfer/test.kdb -target_pw myPwd123 -target_type cms
- To verify the certificate in the /transfer/test.kdb file,
run the following command:
gsk7capicmd -cert -list -db /transfer/test.kdb -pw myPwd123
- Transfer the key database and its related files in the /transfer/ directory
to the target computer.
- To import the certificate from a CMS key
database to another CMS key database, run the following
command from a later version of GSKit:
Note: If your computer
contains 32-bit GSKit, use the gsk8capicmd command.
If your computer contains 64-bit GSKit, use the gsk8capicmd_64 command.
gsk8capicmd_64 -cert -import -db /transfer/test.kdb -pw myPwd123 -label testlabel
-type cms -target /target/target.kdb -target_pw myPwd123 -target_type cms
-new_label testlabel
If the command completes the operation
successfully, the certificate is available in both the source and
target key databases.
- To verify the certificate in the /target/target.kdb file,
run the following command:
gsk8capicmd_64 -cert -list -db /target/target.kdb -pw myPwd123
What to do next
To use the key database with the imported certificates in
a directory server instance, add the key database files and related
details in the instance.