Generate a CSR for IBM HTTP
To use a certificate with IBM HTTP, you need to create a key database using the tool gkcapicmd.
Using gskcmd
The first step is to locate gkcapicmd binaries. By default you can find them in the bin directory from the install directory. The binaries are called gskcmd.bat on Windows and gskcmd on other platforms.
You can also use the gskcapicmd tool to run the majority of the same tasks. This tool purpose is to handle cryptographic supports like PKCS#11. The directory is the same. Binaries are named gskcapicmd.bat on Windows, and gskcapicmd on other platforms.
Creating the key database
IBM HTTP requires a stash file to store the password. The following command allows you to generate your key database, and its stash file. The files are created in the current directory unless you specify a path.
install_dir/bin/gskcmd -keydb -create -db yourDatabase.kbd -pw yourPassword -stash yourDatabase.sth
Creating the private key and the CSR
You can now generate the private key and the CSR:
install_dir/bin/gskcmd -certreq -create -db yourDatabase.kbd -stashed -stash yourDatabase.sth -label RequestLabel -dn "CN=www.domain.tld, O=YOUR ORGANIZATION, ,L=CITY, ST=State or Province, C=GB" -size 2048 -sigAlg sha256 -file myRequest.csr
Your CSR is now available, you can order your certificate.