Importing a certificate from a key database

Import a certificate from a key database that was created with an earlier version of the GSKCapiCmd commands into a key database that is created with a later version of the GSKCapiCmd commands.

Before you begin

To export a certificate from a source computer and to import the certificate on a target computer, the following conditions must be met:

About this task

If you have a valid key database file with a certificate created with an earlier version of GSKCapiCmd commands, export the certificate to a target computer.

Reuse the certificate with a key database file created with a later version of GSKCapiCmd commands to resolve compatibility issues with a later version of IBM Global Security Kit.

Procedure

  1. Log in as a directory server instance owner to the computer that contains an earlier version of GSKit, for example GSKit version 7.
  2. To create a CMS key database, run the following command:
    Note: If your computer contains 32-bit GSKit, use the gsk7capicmd command. If your computer contains 64-bit GSKit, use the gsk7capicmd_64 command.
    gsk7capicmd -keydb -create -db source.kdb -pw myPwd123 -type cms \
     -expire 1000 -stash -fips
  3. To create a self-signed certificate with a key size of 2048 and a hashing algorithm of sha384, run the following command:
    gsk7capicmd -cert -create -db source.kdb -pw myPwd123 -label testlabel \
     -dn "cn=LDAP_Server.com,ou=myDept,o=sample" -size 2048 -fips \
     -sigalg sha384 -expire 1000
  4. To export a certificate with a specific label from a CMS key database to another CMS key database in the /transfer/ directory, run the following command:
    gsk7capicmd -cert -export -db source.kdb -pw myPwd123 -label testlabel -type cms \
     -target /transfer/test.kdb -target_pw myPwd123 -target_type cms
  5. To verify the certificate in the /transfer/test.kdb file, run the following command:
    gsk7capicmd -cert -list -db /transfer/test.kdb -pw myPwd123
  6. Transfer the key database and its related files in the /transfer/ directory to the target computer.
  7. To import the certificate from a CMS key database to another CMS key database, run the following command from a later version of GSKit:
    Note: If your computer contains 32-bit GSKit, use the gsk8capicmd command. If your computer contains 64-bit GSKit, use the gsk8capicmd_64 command.
    gsk8capicmd_64 -cert -import -db /transfer/test.kdb -pw myPwd123 -label testlabel \
     -type cms -target /target/target.kdb -target_pw myPwd123 -target_type cms \
     -new_label testlabel
    If the command completes the operation successfully, the certificate is available in both the source and target key databases.
  8. To verify the certificate in the /target/target.kdb file, run the following command:
    gsk8capicmd_64 -cert -list -db /target/target.kdb -pw myPwd123

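The following shell functions are an added example, not part of the IBM procedure: they wrap step 6 so that the key database and its related files, which hold the private key, are locked down and checksummed on the source computer and verified on the target computer before the import in step 7. The function names and the manifest file name are hypothetical, and GNU sha256sum and find are assumed on both computers.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes GNU sha256sum and find, and that the
# related files share the key database's base name (test.kdb, test.rdb, ...).
MANIFEST=MANIFEST.sha256    # hypothetical manifest file name

# Source side, after step 5: restrict access and record checksums.
#   $1 = directory (for example /transfer)   $2 = base name (for example test)
kdb_seal() {
    dir=$1 base=$2
    [ -f "$dir/$base.kdb" ] || { echo "missing $dir/$base.kdb" >&2; return 1; }
    chmod 700 "$dir" || return 1
    ( cd "$dir" || exit 1
      chmod 600 "$base".* || exit 1
      sha256sum "$base".* > "$MANIFEST" ) || return 1
}

# Target side, before step 7: fail unless every listed file arrived intact
# and none of the key database files is accessible to group or other.
kdb_check() {
    dir=$1 base=$2
    [ -f "$dir/$MANIFEST" ] || { echo "no manifest in $dir" >&2; return 1; }
    ( cd "$dir" || exit 1
      sha256sum -c --quiet "$MANIFEST" >&2 || exit 1
      for f in "$base".*; do
          # -perm /077 matches when any group or other permission bit is set
          if [ -n "$(find "$f" -perm /077)" ]; then
              echo "$dir/$f is accessible to group or other" >&2
              exit 1
          fi
      done ) || return 1
}

# Source:  kdb_seal /transfer test
# Target:  kdb_check /transfer test && run the step 7 import command
```

A manifest that travels with the files detects an incomplete or corrupted transfer; to detect deliberate modification, compare the digest of MANIFEST.sha256 over a separate channel.
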
What to do next

To use the key database with the imported certificates in a directory server instance, add the key database files and related details in the instance.