Before you start
This tutorial describes how to use IBM GSKit and OpenSSL tools for common certificate management tasks. It is not a general tutorial on public key cryptography, X.509 certificates, or SSL/TLS.
IBM Global Security Kit (GSKit) is a common component that is used by a number of IBM products for its cryptographic and SSL/TLS capabilities. While each product provides some minimal documentation on how to use GSKit, this tutorial provides a comprehensive, product neutral tutorial on how to perform common certificate management tasks.
The tasks in this tutorial are described with a command-line approach to ensure they can be incorporated into automation scripts.
In this tutorial, you learn how to locate and set up the GSKit command-line utility, how to create different kinds of digital certificates, how to set up your own Certificate Authority and sign certificates, as well as how to install, use, and switch between certificates.
This tutorial is written for system administrators, security specialists, and developers who use IBM products containing GSKit.
You need an IBM product that includes GSKit version 7 or 8. You generally do not need administrative or root access to the system unless you need to install optional OpenSSL software. However, you need read and write access to the certificate key database of your product, which can require administrative or root privileges.