Import a certificate on IBM HTTP
To use a certificate with IBM HTTP, you will need to have created a key database using the gkcapicmd tool.
This documentation's role is to allow import of a certificate and its key in a key database. Specific documentations exist to generate key and csr, and to install the certificate in a key database already containing its key.
Using gskcmd
The first step is to locate gkcapicmd binaries. By default, they are located in the bin subdirectory from the install directory. The binaries are called gskcmd.bat on Windows and gskcmd on other platforms.
You can also use the gskcapicmd tool to run the majority of the same tasks. This tool purpose is to handle cryptographic supports like PKCS#11. The directory is the same. Binaries are named gskcapicmd.bat on Windows and gskcapicmd on other platforms.
Creating the key database
IBM HTTP requires a stash file to store the password. The following command allows you to generate your key database, and its stash file. The files are created in the current directory unless you specify a path.
isntall_dir/bin/gskcmd -keydb -create -db yourDatabase.kbd -pw yourPassword -stash yourDatabase.sth
Import the certificate with its key
You may import either a PKCS#12 or JKS file. If you have base-64 file for openssl-based products, you can convert them to PKCS#12. PKCS#12 example:
install_dir/bin/gskcmd -cert -import -db yourDatabase.kdb -stashed -stash yourDatabase.sth -label pkcs12Label -new_label certificateLabelForYourDatabase -target myCertificate.p12 -target_type pkcs12
Java Keystore Example (JKS):
install_dir/bin/gskcmd -cert -import -db yourDatabase.kdb -stashed -stash yourDatabase.sth -label jksAlias -new_label certificateLabelForYourDatabase -target myCertificate.jks -target_type JKS
You certificate has been imported to your database and can now be used.
You can check the IBM configuration update section from our documentation on installation to use the certificate database.