Export a certificate from a JKS (Java
keystore format) key database of an earlier version to another JKS key
database of a later version.
Before you begin
To export a certificate from a source computer to a target
computer, the following conditions must be met:
- The source computer must contain an earlier version of Web
Administration Tool that is deployed in an embedded WebSphere
Application Server and is set with JKS key database.
- The target computer must contain a later version of Web
Administration Tool that is deployed in an embedded WebSphere
Application Server.
- The target computer must contain a later version of IBM Java
Development Kit. IBM® Security
Directory Server,
version 6.3.1 requires IBM Java Development Kit, version 1.6 SR 14
or later.
About this task
If you have a valid
JKS key database file
with a certificate created with an earlier version of
ikeyman or
ikeycmd commands,
export the certificate to a target computer. You might want to export
for the following reasons:
- Reuse the certificate with a JKS key database
file created with later version of JKS commands.
- To resolve compatibility issues with later version of IBM Java
Development Kit.
Procedure
- Log in to a computer that contains an earlier version of Web
Administration Tool that is deployed in an embedded WebSphere
Application Server.
- Transfer the JKS key database and its
related files to the target computer.
- Set the JAVA_HOME and PATH variables
with the IBM Java location that is provided with IBM Security
Directory Server.
| Operating system |
Command to run: |
|---|
| AIX and Solaris |
export JAVA_HOME=/opt/IBM/ldap/V6.3.1/java
export PATH=/opt/IBM/ldap/V6.3.1/java/jre/bin:$PATH
|
| Linux |
export JAVA_HOME=/opt/ibm/ldap/V6.3.1/java
export PATH=/opt/ibm/ldap/V6.3.1/java/jre/bin:$PATH
|
| Windows |
set JAVA_HOME=C:\Program Files\IBM\ldap\V6.3.1\java
set PATH=C:\Program Files\IBM\ldap\V6.3.1\java\jre\bin:%PATH%
|
- To verify the certificate in the /source/source.jks file,
run the following command:
ikeycmd -cert -list -db /transfer/test.jks -pw myPwd123
- To export a certificate with a label from a source JKS key
database to a target JKS key database, run the following
command from a later version of ikeycmd:
ikeycmd -cert -export -db /source/source.jks -pw myPwd123 -label testlabel -type jks
-target /transfer/test.jks -target_pw myPwd123 -target_type jks
- To verify the certificate in the /target/test.jks file,
run the following command:
ikeycmd -cert -list -db /target/test.jks -pw myPwd123
What to do next
To use the target
JKS key database with
the certificates in
Web Administration Tool,
add the
JKS key database file in
Web Administration
Tool console.