Contents
Preface ...............v
Who should read this book .........v
Accessibility ..............v
IBM and accessibility ..........v
Contacting software support .........v
Conventions used in this book ........vi
Typeface conventions ..........vi
Operating system differences .......vi
Chapter 1. Using the GSKCapiCmd
program...............1
Language support overview .........1
Locale environment variables ........1
LANG variable on UNIX or Linux systems . . . 1
Forcing output to a different locale ......2
Using locale variants ..........2
Text encoding (code set) support.......3
KeyStore Overview ............3
GSKCapiCmd command-line syntax ......4
Chapter 2. Key database commands . . 7
Keystore access control ...........7
Create a key database (-create) ........8
Delete a key database (-delete) ........10
Change the password of an existing key database
(-changepw) ..............10
Stash the password of an existing key database
(-stashpw) ...............12
List the supported key databases (-list) .....12
Convert a key database (-convert) .......13
Display the expiry date associated with a key
database (-expiry) [deprecated] ........14
Chapter 3. Certificate commands . . . 17
Signature algorithms ...........17
Information about key sizes .........18
Information about elliptic curves .......18
Suite B algorithm and key size selection .....18
Create a self-signed certificate in a keystore (-create) 19
Add a certificate to a keystore (-add) ......21
Delete a certificate from a keystore (-delete) . . . 23
Display details of a certificate (-details) .....24
Export a certificate (-export) .........26
Receive a certificate into a keystore (-receive) . . . 27
Import a certificate (-import) ........28
Extract a certificate from a keystore (-extract) . . . 30
List details of the default certificate (-getdefault)
[deprecated] ..............32
Set default certificate in a keystore (-setdefault)
[deprecated] ..............33
Rename a certificate in a keystore (-rename) . . . 34
List the certificates stored in a keystore (-list) . . . 35
Modify a certificate in a keystore (-modify) ....37
Sign a certificate (-sign) ..........38
Validate a certificate (-validate) ........40
Chapter 4. Certificate request
commands .............43
Create a certificate request (-create) ......43
Delete certificate request (-delete) .......45
List certificate request details (-details) .....46
Extract certificate request (-extract) ......48
List all certificate requests (-list) .......49
Re-create certificate requests (-recreate) .....50
Chapter 5. Random commands ....53
Create a random password of a specified length
(-create) ...............53
Chapter 6. Help commands ......55
Chapter 7. Version command .....57
Chapter 8. Runtime messages.....59
Chapter 9. Error codes and messages 73
Appendix A. CMS key databases . . . 79
What is a CMS key database? ........79
How is a CMS key database organized? .....79
How is a CMS key database protected .....79
What can I put in a CMS key database? .....80
What is a label? .............80
How can I manipulate certificates in a CMS
keystore? ...............80
Appendix B. A Simple Example ....83
The requirement .............83
Considerations for the administrator ......83
Step 1 – Obtain a company-wide intermediate
certificate ...............83
Step 2 – Sign all employee certificates using the
ACME intermediate ...........84
Step 3. Create the web server certificate .....85
So do we meet the requirements? .......86
Appendix C. Resources .......87
Appendix D. Notices .........89
Trademarks ..............91
© Copyright IBM Corp. 2005, 2011 iii