Thursday, 1 March 2012
More on the Global Security Toolkit (GSK) and OpenSSL on Linux
This is just a bunch of links right now, but has been extremely useful to me in the past few days …..
IBM SDK for Java 6 - Security information
IBM SDK Policy files
I needed to use this as I have a requirement to import 2048-bit SSL root/intermediate certificates into the SSL keystore for IBM HTTP Server, and IHS only supports 1024-bit certificates out-of-the-box
IBM's SDKs ship with strong but limited jurisdiction policy files. Unlimited jurisdiction policy files can be obtained from the link above. The ZIP file should be unpacked and the two JAR files placed in the JRE's jre/lib/security/ directory. These policy files are for use with IBM developed SDKs. The same files are used for the Version 1.4 and Version 5 SDKs. Details of downloads of unlimited jurisdiction policy files for the Solaris and HP platforms can be found in the IBM Security Guide for those platforms.
Key Management Utility command-line interface (gsk7cmd) syntax
This is somewhat self-explanatory, but extremely useful.
Migrating OpenSSL certificates from the Apache HTTP Server to the IBM HTTP Server KDB file
This was useful in helping me understand how to move certificates from one format to another e.g. PKCS12 to PEM etc.
Setting up a public key infrastructure
This includes some examples of how to use gsk7cmd to view certificate details etc.
$ gsk7cmd -cert -details -db myBrokerTruststore.jks -label CACert
Can't receive certificate in Ikeyman: All the signer certificates must exist in the key database
This has some great examples of how to use the openssl command to look at certificates e.g.
$ openssl x509 -text -in certificate_from_certificateauthority.crt|grep Issuer: