Issue: Provisioning a certificate to WebSphere P12 file using iKeyman instead of the GSK tools

A certificate needs to be provisioned to a WebSphere application server, but neither the GSK tools nor a GSK keystore is available. iKeyman is available instead.

Symptom:

WebSphere needs a certificate provisioned into a P12 file that contains multiple certificates.

Cause:

With the P12 driver in Venafi Director Server, provisioning the new key backs up the existing certificate and then overwrites it, which loses all of the other existing keys within the P12 file.

Resolution:

  1. Provision a temporary P12 file to the same location as the original.
  2. Use iKeyman tools (ikeycmd) to take the temporarily provisioned certificate out of the new P12 file and place it inside the original P12 file alongside the other personal certificates.

This was achieved by running the following SSH command in workflow after provisioning a temporary P12 file:

/opt/IBM/HTTPServer/java/jre/bin/ikeycmd -cert -import -file /usr/share/tomcat5/temp.p12 -pw passw0rd -target /usr/share/tomcat5/master.p12 -target_pw passw0rd -target_type pkcs12

The command may vary slightly depending on the OS and how it has been configured, but the approach is the same: take a certificate out of one P12 file and insert it into another P12 file.
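Because the failure described under Cause is the loss of existing entries in the master P12, the import step can be wrapped so that it rolls back when anything goes missing. The following is an added example, not part of the original article or of Venafi's workflow. It assumes ikeycmd's `-cert -list` action (not shown in the article) and uses hypothetical environment variables `TEMP_PW` and `MASTER_PW` for the two passwords.

```shell
#!/bin/sh
# Added example (not from the original article): guarded merge of a temporary
# P12 into the master P12, with rollback if any existing entry disappears.
# Default path is the one used in the article; override IKEYCMD per host.
IKEYCMD="${IKEYCMD:-/opt/IBM/HTTPServer/java/jre/bin/ikeycmd}"

# list_entries DB PW: sorted "ikeycmd -cert -list" output for a PKCS12 file.
list_entries() {
    out=$("$IKEYCMD" -cert -list -db "$1" -pw "$2" -type pkcs12) || return 1
    printf '%s\n' "$out" | sort
}

# merge_p12 TEMP MASTER
# Passwords are read from TEMP_PW and MASTER_PW (hypothetical variable names)
# so they are not hard-coded in the workflow command.
# Returns 0 if the import succeeded and every entry listed before the import
# is still listed afterwards; otherwise restores MASTER and returns 1.
merge_p12() {
    temp=$1
    master=$2
    backup="$master.bak.$$"
    before=$(mktemp) || return 1
    after=$(mktemp) || { rm -f "$before"; return 1; }

    if ! cp -p "$master" "$backup" ||
       ! list_entries "$master" "$MASTER_PW" > "$before"; then
        rm -f "$backup" "$before" "$after"
        return 1
    fi

    if "$IKEYCMD" -cert -import -file "$temp" -pw "$TEMP_PW" \
           -target "$master" -target_pw "$MASTER_PW" -target_type pkcs12 &&
       list_entries "$master" "$MASTER_PW" > "$after" &&
       [ -z "$(comm -23 "$before" "$after")" ]; then
        rm -f "$backup" "$before" "$after"
        return 0
    fi

    # Import failed or an existing entry was lost: put the original back.
    mv -f "$backup" "$master"
    rm -f "$before" "$after"
    return 1
}
```

ikeycmd still receives both passwords as command-line arguments, so they remain visible in the process list while it runs.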