Topic
  • 6 replies
  • Latest Post - ‏2004-06-18T18:57:44Z by SystemAdmin
SystemAdmin
SystemAdmin
37421 Posts
ACCEPTED ANSWER

Pinned topic Utility for importing key and certificate into websphere

‏2004-06-17T15:18:41Z |
Hi,

Are there any WebSphere or external tools that I can use to import a
key/certificate from another server to WebSphere?

Thanks,
Jennifer

Updated on 2004-06-18T18:57:44Z at 2004-06-18T18:57:44Z by SystemAdmin
  • SystemAdmin

    Re: Utility for importing key and certificate into websphere

    ‏2004-06-17T18:04:45Z   in response to SystemAdmin
    WebSphere Application Server and all other IBM tools that use PKI (SSL) for
    encrypting traffic use what is called GSK (Global Security Kit). This
    comes with a utility called ikeyman that allows you to manage your
    certificate store (aka kdb).

    Sunit


    • SystemAdmin

      Re: Utility for importing key and certificate into websphere

      ‏2004-06-17T22:37:56Z   in response to SystemAdmin
      Here is what I did:

      1. First I exported my certificate to a pkcs12 format file from SunOne,
      2. then FTPed it to my WebSphere platform,
      3. started the ikeyman tool,
      4. created a server key store file.

      At this point, I don't see any menu bar item that would allow me to import
      a pkcs12 file.

      5. If I create a self-signed certificate and then extract a public
      certificate from it, I see a button on the window, "Export/Import". When I
      click the button, I see that the pull-down menu allows import of a "pkcs12"
      type file, so I tried to import my file, but got an error message saying
      "the specified database has been corrupted".

      I am not sure whether I need to do step 5 in order to import a certificate,
      but if I don't, the tool does not appear to have any other interface to
      allow importing.

      Any suggestions?

      Thanks,
      Jennifer


      • SystemAdmin

        Re: Utility for importing key and certificate into websphere

        ‏2004-06-18T13:43:53Z   in response to SystemAdmin
        I think you are in the wrong tab. From the drop down select Personal
        certificates (signer certificates is the default tab). You should see the
        import certificate button on the right hand side.

        Sunit


      • SystemAdmin

        Re: Utility for importing key and certificate into websphere

        ‏2004-06-18T13:59:03Z   in response to SystemAdmin
        Jennifer,

        Which certificate database are you opening? Is the certificate that you
        are importing a signer certificate or a Personal/server certificate?
        If you want WebSphere to have the same SunOne Personal Cert, then
        what you want to do is:
        1. Open keytool.
        2. Open ServerKeyFile (Dummy or the one you have created and configured
        in WAS).
        3. Click on the "Key Database Content" drop-down list.
        4. Choose "Personal Cert" and then import the pkcs12 cert into it.
        5. If it is dummy, then you will have two certs and you can probably
        choose which one to be "active" or "primary", I guess.
        6. It is a good idea to get rid of the Dummy Server cert, but again it
        depends on how much you want to customize.
        7. Don't forget to add this cert to the Server and Client Trust stores also.

        If not, please explain what is your intent in this Cert export and import.

        HTH
        Dexthor.
        • SystemAdmin

          Re: Utility for importing key and certificate into websphere

          ‏2004-06-18T18:36:07Z   in response to SystemAdmin
          Thank you all for the tips.

          The SunOne certificate that I am trying to import is a Server certificate
          (a certificate that is assigned for a specific virtual server, ***cert7.db and
          ***key3.db). It is a self-signed certificate (no CA); I guess it should map
          to "personal certificate" in the WebSphere domain. I exported it using pk12util
          to a file called sunone_cert.p12.

          I tried again to import the sunone_cert.p12 file by using the "import"
          button under the "Personal Cert" drop-down list; it still gives me an error
          message saying "the specified database has been corrupted".

          Then I tried to export a personal certificate from WebSphere to SunOne; that
          works.

          Is a "personal certificate" from WebSphere equivalent to the "server
          certificate" in SunOne?

          The p12 files are all binary, so I am not sure whether they follow the same
          format. I did notice that the sizes of the files from SunOne and WebSphere
          are different (the SunOne p12 file is larger).

          Any more suggestions?

          Thanks,
          Jennifer

          I opened the
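A pre-import check for the situation described in the post above, as an added example that is not part of the original thread: before importing a .p12 exported from another server, confirm that the file still parses as PKCS#12, that its password verifies, and that it holds a private key matching its certificate. It assumes the OpenSSL command-line tool is available (the thread itself uses pk12util and ikeyman); the function names, the sample file and the password `changeit` are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl command-line tool.

# p12_check FILE PASSWORD
#   0  parses as PKCS#12, password/MAC verify, private key matches certificate
#   1  not readable as PKCS#12 with this password (damaged file, wrong password)
#   2  readable, but no matching private key + certificate pair inside
p12_check() {
    file=$1
    P12_PASS=$2
    export P12_PASS   # passed via the environment, not the process argument list
    # Parse the container and verify its integrity MAC; print nothing.
    openssl pkcs12 -in "$file" -passin env:P12_PASS -noout 2>/dev/null || return 1
    # Public key taken from the end-entity certificate in the bundle.
    cert_pub=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key in the bundle (key stays in the pipe).
    key_pub=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# Constructed sample: a throwaway self-signed key/certificate bundled as
# DIR/sample.p12 with the password "changeit".
make_sample_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name sample -passout pass:changeit -out "$dir/sample.p12" 2>/dev/null
}

# Demonstration on the constructed sample.
tmp=$(mktemp -d)
make_sample_p12 "$tmp"
p12_check "$tmp/sample.p12" changeit
echo "intact file, right password: $?"
p12_check "$tmp/sample.p12" not-the-password
echo "intact file, wrong password: $?"
# A file cut short stands in for one damaged between the two servers.
head -c 200 "$tmp/sample.p12" > "$tmp/truncated.p12"
p12_check "$tmp/truncated.p12" changeit
echo "truncated file: $?"
rm -rf "$tmp"
```

A result of 0 on the source server and 1 on the destination for the same file and password points at the copy rather than at the target key database.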

          • SystemAdmin

            Re: Utility for importing key and certificate into websphere

            ‏2004-06-18T18:57:44Z   in response to SystemAdmin
            You can try to create a new Key Database. After you do it, you have to
            configure WebSphere to use it.

            Dexthor.
