friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8826eae394
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/ikeyman.htm

113 lines
5.3 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>The iKeyman utility</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h3><a name="ikeyman"></a>The iKeyman utility</h3>
<p>The iKeyman utility is a graphical user interface (GUI) based tool that you can use to manage your digital certificates. With iKeyman, you can create a new key database or test a digital certificate, add certificate authority (CA) roots to your database, copy certificates form one database to another, request and receive a digital certificate from a CA, set default keys, and change passwords.</p>
<p>The iKeyman utility is a part of the IBM Java Security Socket Extension package and is shipped with the WebSphere Application Server - Express product. It is recommended that you download the iKeyman utility to a workstation that supports graphical interfaces.</p>
<p><strong>Set up the iKeyman utility</strong></p>
<p>To set up the iKeyman utility to work with your digital certificates, follow these steps:</p>
<ol>
<li><p>If you have not already done so, install one of these Java environments on your workstation:</p>
<ul>
<li>IBM Developer Kit for Java, Version 1.3 or later</li>
<li>IBM Runtime Environment, Java Edition, Version 1.3 or later</li>
<li>Sun Microsystems, Inc. Java 2 Software Development Kit, Version 1.3 or later</li>
<li>Sun Microsystems, Inc. Java 2 Runtime Environemnt, Version 1.3 or later</li>
</ul><p></p></li>
<li><p>Download the iKeyman program files to your workstation.</p>
<p>You can map a network drive to your iSeries system or use file transfer protocol (FTP) to copy the files to your workstation system.</p>
<p>These are the iKeyman program files:</p>
<ul>
<li>/QIBM/ProdData/WebASE51/ASE/lib/gskikm.jar</li>
<li>/QIBM/ProdData/WebASE51/ASE/java/ext/ibmjceprovider.jar</li>
<li>/QIBM/ProdData/WebASE51/ASE/java/ext/ibmpkcs11.jar</li>
<li>/QIBM/ProdData/OS400/Java400/ext/ibmpkcs.jar</li>
<li>/QIBM/ProdData/OS400/Java400/ext/ibmjcefw.jar</li>
<li>/QIBM/ProdData/OS400/Java400/ext/US_export_policy.jar</li>
<li>/QIBM/ProdData/CAP/local_policy.jar</li>
</ul>
<p>Place the files in the jre/lib/ext subdirectory of your Java environment product directory. For example, on a Windows 32-bit system:</p>
<ul>
<li>C:\Program Files\IBM\Java14\jre\lib\ext</li>
<li>D:\j2sdk1.4.0_01\jre\lib\ext</li>
</ul><p></p></li>
<li><p>On your workstation, update the java.security file for your Java environment.</p>
<p>The java.security file is located in the jre/lib/security subdirectory of your Java environment. Open the file in a text editor, and look for an entry similar to this one:</p>
<pre> security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.rsajca.Provider</pre>
<p>Add this line to the end of the entry:</p>
<pre> security.provider.3=com.ibm.crypto.provider.IBMJCE</pre>
<p>If you use PKCS11 hardware cryptography support, also add this entry:</p>
<pre> security.provider.4=com.ibm.crypto.pkcs11.provider.IBMPKCS11</pre>
<p>Save the java.security file.</p></li>
<li><p>(Windows workstations only) Create a batch (BAT) file to run iKeyman.</p>
<p>If your workstation is a Windows system, you can create a batch file to start iKeyman. Create a batch file similar to the following:</p>
<pre> setlocal
set JAVA_HOME=<em>java_root</em>
set PATH=%JAVA_HOME%\jre\bin;%JAVA_HOME%\bin;%PATH%
java com.ibm.gsk.ikeyman.Ikeyman
endlocal</pre>
<p>where <em>java_root</em> is the root directory of your Java environment, for example, C:\j2sdk1.4.0_01.</p></li>
</ol>
<p><strong>Start the iKeyman utility</strong></p>
<p>If you created a batch file to start iKeyman, run the batch file.</p>
<p>If you did not create a batch file, you can start iKeyman from a prompt by entering the following command:</p>
<ol>
<li><p>Open a command prompt on your workstation.</p></li>
<li><p>Change to the directory that contains the iKeyman program files. This is <em>java_root</em>/jre/lib/ext, where <em>java_root</em> is the root directory of your Java environment product directories.</p></li>
<li><p>If your Java utilities (such as the <tt>java</tt> command) are not configured in your system path, enter these commands, where <em>java_root</em> is the root directory of your Java environment, for example, C:\j2sdk1.4.0_01:</p>
<pre> set JAVA_HOME=<em>java_root</em>
set PATH=%JAVA_HOME%\jre\bin;%JAVA_HOME%\bin;%PATH%</pre></li>
<li><p>Enter this command:</p>
<pre> java com.ibm.gsk.ikeyman.Ikeyman</pre></li>
</ol>
<p><strong>Using the iKeyman utility</strong></p>
<p>You can download additional information on iKeyman from IBM DeveloperWorks: <a href="http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip">iKeymanDocs.zip</a> <img src="www.gif" width="19" height="15" alt="Link outside Information Center"></p>
<p><strong>Note:</strong> If you use iKeyman on a UNIX-based platform to create a certificate signing request, you must remove the end of line characters (^M) from the file. For example, to remove the end of line characters from a certificate signing request named certreq.arm, run the following command:</p>
<pre> cat certreq.arm |tr -d &quot;\r&quot; &gt; new_certreq.arm</pre>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink