IBM Support

Export a Private Key and Certificate From GSKKYMAN to IKEYMAN.

Technical Blog Post


Abstract

Export a Private Key and Certificate From GSKKYMAN to IKEYMAN.

Body

There may be instances where the private key and certificate need to be exported from the mainframe key database (GSKKYMAN) for use with IKEYMAN on either C:D Unix or C:D Windows. If you are trying to go to either C:D Unix 4.1 (or earlier) or C:D Windows 4.6 (or earlier), this cannot be done, since GSKKYMAN is not compatible with the Keycert and Trusted Root formats used by these versions of C:D Unix and C:D Windows.

However, if you are using C:D Unix 4.2 (or greater) or C:D Windows 4.7 (or greater), this can be done, since GSKKYMAN and IKEYMAN are designed to be compatible.

 

To Export Private Key From GSKKYMAN for Import into IKEYMAN:

1) Go into GSKKYMAN and select option 2 - Open database (enter both the database name, including the .kdb extension, and the password for the database).

2) Select option 1 - Manage keys and certificates.

3) Select the number corresponding to the key you want to export.

4) Now select option 7 - Export certificate and key to a file.

5) For the Export File Format, select option 3 - Binary PKCS #12 Version 3.

6) Enter the name you want the file to be called. Any extension can be used, but IKEYMAN uses the .p12 extension by default (for example, Z48Key.p12).

7) Enter a password for this key file. This will be needed when importing it into IKEYMAN later.

8) Re-enter the password to confirm it.

9) Select 0 for export encryption.

 

The certificate and key have now been exported to the file you specified in step 6). Copy this file as datatype=binary to your C:D Unix or C:D Windows system.
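A pre-import sanity check for the copied file, added here as an example and not part of the original IBM procedure: it reads only the outer DER header of the PKCS #12 file (no password needed, no key material touched) to catch a copy that was not made as binary. The function name, the result strings, the constructed sample bytes, and the use of Python's cp037 codec to imitate an EBCDIC-to-ASCII translation are all assumptions made for illustration.

```python
import sys

# Constructed stand-in: a valid outer PFX header (SEQUENCE, INTEGER 3) around
# filler bytes. It is not a real key store and holds no key material.
_BODY = (b"\x02\x01\x03"
         + bytes.fromhex("300b06092a864886f70d010701")
         + b"\x04\x03\x0a\x00\x0a")
SAMPLE = b"\x30" + bytes([len(_BODY)]) + _BODY


def check_p12_transfer(data: bytes) -> str:
    """Classify a transferred PKCS #12 file from its outer DER header only."""
    if len(data) < 5:
        return "too-short"
    if data[0] != 0x30:            # every PFX starts with the SEQUENCE tag
        return "not-der-sequence"  # typical of a text-mode (translated) copy
    first = data[1]
    if first == 0x80:              # BER indefinite length: size not checkable
        hdr, body_len = 2, None
    elif first < 0x80:             # short form: length in one byte
        hdr, body_len = 2, first
    else:                          # long form: next n bytes hold the length
        n = first & 0x7F
        if n > 4 or len(data) < 2 + n:
            return "bad-length"
        hdr, body_len = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if data[hdr:hdr + 3] != b"\x02\x01\x03":   # version INTEGER must be 3
        return "not-pkcs12-v3"
    if body_len is not None and hdr + body_len != len(data):
        return "length-mismatch"   # truncated, padded, or newline-converted
    return "ok"


if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. python check_p12.py Z48Key.p12
        with open(sys.argv[1], "rb") as fh:
            print(check_p12_transfer(fh.read()))
    else:
        translated = SAMPLE.decode("cp037").encode("latin-1")
        print("sample:", check_p12_transfer(SAMPLE))
        print("translated:", check_p12_transfer(translated))
        print("crlf:", check_p12_transfer(SAMPLE.replace(b"\n", b"\r\n")))
```

Any result other than "ok" means the file should be re-copied as binary before attempting the IKEYMAN import; a result of "ok" says only that the outer structure survived the transfer, not that the password or contents are correct.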

 

To Import the Private Key exported from GSKKYMAN into IKEYMAN:

1) Open the IKEYMAN GUI (for example, if running C:D Windows 4.7, go to the Start menu and open All Programs >> IBM Sterling Connect Direct v4.7.0 >> IBM Key Manager).

2) From the Key Database File menu, click Open. The Open window displays.

3) Click Key database type and select CMS (Certificate Management System).

4) Click Browse to navigate to the directory that contains the key database files and select the correct .kdb file.

5) Click Open. The Password Prompt window displays - type the password you set when you created the key database and click OK. The name of your key database file displays in the File Name field in the "Key database information" section.

6) Click Export/Import (button at right).

7) Select Import key, select Key file type as PKCS12, then browse to the file you just copied from GSKKYMAN. When selected, click OK.

8) The Password Prompt opens - enter the password used when this key file was exported from GSKKYMAN.

9) You will be asked what label should be used for this file - you will probably want to change this to a label better suited for your database. Select the label, then alter it in the "Enter a new label" box. When done, click Apply.

 

You should now see the certificate label you just selected under "Personal Certificates" in the "Key database content" section. To set this new certificate as your default certificate, double-click on the label, then in the "Key information" panel that comes up, go to the bottom and click the "Set the certificate as the default" box. Click OK.

 


UID

ibm11123713