IBM HTTP Server SSL configuration using gsk7cmd utility

How to Create View Edit certificate in CLI mode using gsk7cmd command

          Now days most of the production server's are running in Unix machine and it dont have gui mode.
If we need to create certificate for WebServer (IHS Http) using ikeyman utility, we need to export the display to X-windows will take more time to load the X-Window if we are in low bandwidth network

Here the Simple command's create the complete SSL certificate setup

Export JAVA_HOME to execute the gsk7cmd

    1) export JAVA_HOME=/opt/WebSphere/AppServer/java

It will create the TEST.kdb, TEST.rdb, TEST.sth, TEST.crl files

    2)  gsk7cmd -keydb -create -db TEST.kdb -pw passwd -type cms -expire 365 -stash

Then need to create Self-signed certificate to TEST.kdb file.

    3)  gsk7cmd -cert -create -db TEST.kdb  -pw passwd -label "HTTP Server Key" -dn,O="IT,C=US" -expire 365 -default_cert yes

We can check the default certificate details using below command

   4)  gsk7cmd -cert -getdefault -db TEST.kdb  -pw passwd

Ouput .....

Label: HTTP Server Key
Key Size: 1024
Version: X509 V3
Serial Number: BA BA 6D DB 5C FC F1 D6
Issued By:
Valid From: Sunday, October 31, 2010 7:13:37 PM GMT To: Tuesday, November 1, 2011 7:13:37 PM GMT
Fingerprint: 3C:B8:C5:7B:61:14:7B:D4:5F:DE:C9:52:3F:BF:10:EB:EA:C2:E5:5F
Signature Algorithm: 1.2.840.113549.1.1.4
Trust Status: enabled


5) Then edit the httpd.conf file add the below line

    LoadModule ibm_ssl_module modules/
    Listen 443
   KeyFile /usr/IBMHTTPServer/ssl/key.kdb

6) Restart IBM HTTP Server using the standard method and confirm that it is now responding on SSL port 443 by hitting the https://ihs_server_name/

No comments:

Post a Comment