![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
Managing keys from the command line (Distributed systems)
The Java™ command line interface to IKEYMAN, gskcapicmd, provides the necessary options to create and manage keys, certificates, and certificate requests. The native utility /bin/gskcapicmd is always preferred over /bin/gskcmd: gskcapicmd is faster, and some features are added to gskcapicmd before gskcmd.
About this task
gskver.bat, ikeyman.bat, gskcmd.bat, gskcmd, and gskcapicmd.
gskver, ikeyman, and gskcmd.
To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on your server. Use gskcapicmd, the utility command line interface, for configuration tasks that are related to public and private key creation and management.
The gskcapicmd user interface uses Java and native command line invocation, enabling IKEYMAN task scripting.
You cannot use gskcapicmd for configuration options that update the server configuration file, httpd.conf. For options that update the server configuration file, use the IBM® HTTP Server administration server.
Procedure
- Use gskcapicmd to create key databases, public and private key pairs, and certificate requests using the command-line interface.
- If you act as your own certificate authority (CA), you can use gskcapicmd to create self-signed certificates.
- If you act as your own CA for a private Web network, you have the option to use the server CA utility to generate and issue signed certificates to clients and servers in your private network.
- Manage the database password using the command line.
- Create a public and private key pair and certificate request using the gskcapicmd command-line interface or the GSKCapiCmd tool.
- Import and export keys using the command line. If you want to reuse an existing key from another database, you can import that key. Conversely, you can export your key into another database or to a PKCS12 file. PKCS12 is a standard for securely storing private keys and certificates. You can use the gskcapicmd command-line interface or GSKCapiCmd tool.
- Display default keys and certificate authorities within a key database.
- Store a certificate authority certificate from a certificate authority (CA) that is not a trusted CA.
- Store the encrypted database password in a stash file.
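The first steps of the procedure above (key database with a stash file, key pair and certificate request, listing the database) as a script. This is an added example, not part of the original documentation; the file names, label and DN are constructed sample values, and the `run` wrapper and its `DRY_RUN` switch are hypothetical helpers that print the commands by default so they can be reviewed before anything is executed.

```shell
#!/bin/sh
# Added example: scripted key database setup with gskcapicmd.
# DB, LABEL and DN are constructed sample values; GSK is the path to the utility.
GSK=${GSK:-gskcapicmd}
DRY_RUN=${DRY_RUN:-1}      # 1 = print the commands only, 0 = execute them
DB=${DB:-./key.kdb}
LABEL=${LABEL:-www.example.com}
DN=${DN:-CN=www.example.com,O=Example,C=US}
KDB_PW=${KDB_PW:-}         # database password, taken from the environment
umask 077                  # files created from this shell are owner-only

# Execute a command, or in dry-run mode print it with the -pw value masked
# so the password does not end up in terminals or job logs.
run() {
    if [ "$DRY_RUN" != 1 ]; then "$@"; return; fi
    line='' mask=0
    for a in "$@"; do
        if [ "$mask" = 1 ]; then a='****'; fi
        if [ "$a" = -pw ]; then mask=1; else mask=0; fi
        line="$line${line:+ }$a"
    done
    printf '%s\n' "$line"
}

# New CMS key database; -stash also writes the stash file beside it.
create_keydb() {
    run "$GSK" -keydb -create -db "$DB" -pw "$KDB_PW" -type cms -stash
}

# Key pair plus certificate request to send to the certificate authority.
create_csr() {
    run "$GSK" -certreq -create -db "$DB" -pw "$KDB_PW" -label "$LABEL" \
        -dn "$DN" -size 2048 -file "${DB%.kdb}.csr"
}

# Certificates currently held in the key database.
list_certs() {
    run "$GSK" -cert -list -db "$DB" -pw "$KDB_PW"
}

if [ "$DRY_RUN" != 1 ] && [ -z "$KDB_PW" ]; then
    echo "KDB_PW must be set when DRY_RUN=0" >&2
    exit 2
fi
create_keydb && create_csr && list_certs
```

To execute the commands, set `DRY_RUN=0`, point `GSK` at the utility's full path, and supply `KDB_PW` in the environment.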