Thursday, 1 March 2012

More on the Global Security Toolkit (GSK) and OpenSSL on Linux

This is just a bunch of links right now, but has been extremely useful to me in the past few days …..

IBM SDK for Java 6 - Security information


IBM SDK Policy files

I needed to use this as I have a requirement to import 2048-bit SSL root/intermediate certificates into the SSL keystore for IBM HTTP Server, and IHS only supports 1024-bit certificates out-of-the-box

IBM's SDKs ship with strong but limited jurisdiction policy files. Unlimited jurisdiction policy files can be obtained from the link above. The ZIP file should be unpacked and the two JAR files placed in the JRE's jre/lib/security/ directory. These policy files are for use with IBM developed SDKs. The same files are used for the Version 1.4 and Version 5 SDKs. Details of downloads of unlimited jurisdiction policy files for the Solaris and HP platforms can be found in the IBM Security Guide for those platforms.


Key Management Utility command-line interface (gsk7cmd) syntax

This is somewhat self-explanatory, but extremely useful.


Migrating OpenSSL certificates from the Apache HTTP Server to the IBM HTTP Server KDB file

This was useful in helping me understand how to move certificates from one format to another e.g. PKCS12 to PEM etc.


Setting up a public key infrastructure

This includes some examples of how to use gsk7cmd to view certificate details etc.

$ gsk7cmd -cert -details -db myBrokerTruststore.jks -label CACert


Can't receive certificate in Ikeyman: All the signer certificates must exist in the key database

This has some great examples of how to use the openssl command to look at certificates e.g.

$ openssl x509 -text -in certificate_from_certificateauthority.crt|grep Issuer:

No comments:

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...