Therefore, I'd changed the password from my default ( passw0rd ) to something else ( f00bar ).
To make it 100% clear, this is a sacrificial TEST VM, hence the weak password.
Alas muscle memory makes me type the old the password each and every time ( yes, I can/do use the stashed password when I remember ).
This is how I check what password I currently have: -
/opt/IBM/HTTPServer/bin/gskcapicmd -cert -list -db /opt/IBM/HTTPServer/APIC/ssl/keystore.kdb -pw f00bar
and this is how I change it BACK to my favourite ( albeit weak ) password: -
/opt/IBM/HTTPServer/bin/gskcapicmd -keydb -changepw -db /opt/IBM/HTTPServer/APIC/ssl/keystore.kdb -pw f00bar -new_pw passw0rd -stash
- Note that I'm stashing the new password as I change it
and this is how I verify the new password: -
/opt/IBM/HTTPServer/bin/gskcapicmd -cert -list -db /opt/IBM/HTTPServer/APIC/ssl/keystore.kdb -pw passw0rd
and this is how I verify the new stashed password: -
/opt/IBM/HTTPServer/bin/gskcapicmd -cert -list -db /opt/IBM/HTTPServer/APIC/ssl/keystore.kdb -stashed
Nice.
Note that I'm using gskcapicmd rather than gskcmd, simply because the former uses a C++ API whereas the latter uses Java, as evidenced below: -
/opt/IBM/HTTPServer/bin/gskcmd -version
iKeyman 8.0.414
CMS provider version 2.57
Java version 1.8.0
(C) Copyright IBM Corp. 2007, 2012.
ALL RIGHTS RESERVED
CMS provider version 2.57
Java version 1.8.0
(C) Copyright IBM Corp. 2007, 2012.
ALL RIGHTS RESERVED
/opt/IBM/HTTPServer/bin/gskcapicmd -version
GSKCAPICMD
==========
@(#)CompanyName: IBM Corporation
@(#)LegalTrademarks: IBM
@(#)FileDescription: IBM Global Security Toolkit
@(#)FileVersion: 8.0.50.69
@(#)InternalName: gskcapicmd
@(#)LegalCopyright: Licensed Materials - Property of IBM GSKit
(C) Copyright IBM Corp.1995, 2016
All Rights Reserved. US Government Users
Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
@(#)OriginalFilename: gsk8capicmd_64
@(#)ProductName: gsk8j (GoldCoast Build) 160809
@(#)ProductVersion: 8.0.50.69
@(#)ProductInfo: 16/08/03.02:49:36.16/08/09.17:05:03
@(#)CMVCInfo: gsk8j_160808/gsk8j_doc gsk8j_160808/gsk8j_ikm gsk8j_160808/gsk8j_cms gsk8j_160615/gsk8j_support gsk8j_160525/gsk8j_pkg gsk8j_160803/gsk8j_ssl gsk8j_160413/gsk8j_acme
and it's typically bad practice to have Java installed/running on a web server, especially if it's located within a DMZ, as per this: -
==========
@(#)CompanyName: IBM Corporation
@(#)LegalTrademarks: IBM
@(#)FileDescription: IBM Global Security Toolkit
@(#)FileVersion: 8.0.50.69
@(#)InternalName: gskcapicmd
@(#)LegalCopyright: Licensed Materials - Property of IBM GSKit
(C) Copyright IBM Corp.1995, 2016
All Rights Reserved. US Government Users
Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
@(#)OriginalFilename: gsk8capicmd_64
@(#)ProductName: gsk8j (GoldCoast Build) 160809
@(#)ProductVersion: 8.0.50.69
@(#)ProductInfo: 16/08/03.02:49:36.16/08/09.17:05:03
@(#)CMVCInfo: gsk8j_160808/gsk8j_doc gsk8j_160808/gsk8j_ikm gsk8j_160808/gsk8j_cms gsk8j_160615/gsk8j_support gsk8j_160525/gsk8j_pkg gsk8j_160803/gsk8j_ssl gsk8j_160413/gsk8j_acme
and it's typically bad practice to have Java installed/running on a web server, especially if it's located within a DMZ, as per this: -
No comments:
Post a Comment