Extracting certificates from a key database using nc_gskcmd

If you run Tivoli Netcool/OMNIbus in FIPS 140-2 mode, or if your network has Java-based clients, use the nc_gskcmd utility.

Procedure

To extract the certificate from the key database , run the following command:
$NCHOME/bin/nc_gskcmd -cert -extract -db "$NCHOME/etc/security/keys/omni.kdb" 
-pw password -label "keylabel" -target "$NCHOME/etc/security/keys/certname.arm"
Where password is the password for the key database, keylabel is the description of the certificate in the key database (specify this value as a quoted string), and certname is the name of the certificate that you want to extract. Specify the path to the certificate as a quoted string.

What to do next

Now open each key database into which you want to add the extracted certificate, and add the certificate as a signer certificate.