Problem(Abstract)
For some reason, the GSKit Command Line tools do not
always return a comprehensive error message that identifies the root cause
of the problem directly.
For example, even though there is no certificate for a given label, you
may still receive the following message:
"A certificate with the same label has already existed in the key
database."

Symptom
For instance, if you create a certificate request for a
newly created keystore, like:
C:\Program Files\ibm\gsk7\bin>gsk7cmd -certreq -create -db newkey.kdb -label "my certificate request" -dn "cn=myserver.domain.com,o=company,ou=department,l=city,st=state,c=country" -size 1024 -file mycertreq.csr
You may receive the error message:
"A certificate with the same label has already existed in the key
database."
But as the keystore is new, no personal certificates or certificate
requests exist in the keystore.
Despite this error, the CSR file with a valid request is created. But
when you try to receive the certificate later on, this results in
another error:
"An error occurred while receiving the certificate from the given file.
The certificate request created for the certificate is not in the key
database."
If you try to list the certificates in a keystore with
C:\Program Files\ibm\gsk7\bin>gsk7cmd -cert -list -db newkey.kdb
you will receive the following error even though keys may exist:
"No key was found in the key database."

Cause
You need to specify the password of the keystore for any
operation.
When the certificate request is created, the CSR file is generated, but
the request is not entered into the keystore KDB, because the gsk7cmd
-certreq command lacks the password for the keystore.
So the message "a certificate with the same label exists" is incorrect and
misleading. In fact, gsk7cmd cannot even open the keystore, because the
user did not specify the keystore's password.
The same applies to the -cert -list command.
Try "gsk7cmd -cert -list -db newkey.kdb -pw <password>" and the
certificates will be listed.

Resolving the problem
Add the option "-pw <password>" to the command line.
Even if a stash file is present for the given keystore, the stash file
alone will not allow gsk7cmd to open the keystore.
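
A triage helper for the failure described under Cause, added here as an example and not IBM's code: given a gsk7cmd command line and the output it produced, it reports when the messages quoted on this page are explained by a missing -pw, and names the CSR file that was written without a matching request in the keystore. The function names, the finding fields and the sample input are assumptions constructed for illustration.

```python
import shlex

# Options used on this page that take a value; other "-xxx" tokens are flags.
VALUE_OPTS = {"-db", "-pw", "-label", "-dn", "-size", "-file"}

# Messages quoted on this page that appeared when the password was missing.
MISLEADING = (
    "A certificate with the same label has already existed in the key database.",
    "The certificate request created for the certificate is not in the key database.",
    "No key was found in the key database.",
)

def parse(command_line):
    """Return {option: value or None} for a gsk7cmd command line."""
    tokens = shlex.split(command_line, posix=False)  # keeps Windows backslashes
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("-"):
            continue  # program name or prompt text
        opts[tok] = None
        # A following option name means the value was left out (e.g. bare -pw).
        if tok in VALUE_OPTS and i < len(tokens) and not tokens[i].startswith("-"):
            opts[tok] = tokens[i].strip('"')
            i += 1
    return opts

def diagnose(command_line, output):
    """Return a finding if the output is explained by a missing -pw, else None."""
    opts = parse(command_line)
    if "-db" not in opts or opts.get("-pw"):
        return None  # no keystore involved, or a password was supplied
    flat = " ".join(output.split())  # undo line wrapping in captured output
    seen = [m for m in MISLEADING if m in flat]
    if not seen:
        return None
    finding = {"cause": "keystore opened without -pw", "messages": seen, "orphaned_csr": None}
    # -certreq -create without -pw still writes the CSR, but the request is not
    # stored in the keystore, so a certificate issued for it cannot be received.
    if "-certreq" in opts and "-create" in opts:
        finding["orphaned_csr"] = opts.get("-file")
    return finding

if __name__ == "__main__":
    # Constructed sample: the list command from this page, run without -pw.
    cmd = "gsk7cmd -cert -list -db newkey.kdb"
    print(diagnose(cmd, "No key was found in the key database."))
```

When orphaned_csr is set, create the request again with -pw before submitting it for signing, since the earlier CSR has no matching request in the keystore.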