Ask a Question

Installation Instructions for IBM WebSphere Server using the command line

Solution

This document provides instructions for installing SSL Certificates for IMB Websphere MQ using iKeycmd. If you are unable to use these instructions for your server, Symantec recommends that you contact IBM. 

NOTE: Keep in mind that to successfully use the certificate sent by Symantec, the Intermediate CA certificate and your SSL certificate must be imported into same key file from which the certificate request was generated. IKEYMAN gives errors when you try to import the Symantec certificate into a key file that does not contain the certificate request.

NOTE: To install the SSL Certificate by using the IKEYMAN GUI, follow the steps from this link: SO16542
 

Step 1: Download the RapidSSL Intermediate CA Certificate

    1.    Download the Intermediate CA certificate according to your SSL product from this link: AR1548
    2.    Copy the Intermediate CA and paste it on a Notepad document.

           Note:  Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE 
           and that no white spaces, extra line breaks or additional characters have been inadvertently added.

    3.    Save the file as intermediate_ca.cer


Step 2: Install RapidSSL Intermediate CA Certificate

    1.    Run following command to add the intermediate_ca.cer into the key database:

           For UNIX:

           gsk7cmd -cert -add -db filename -pw password -label label -file intermediate_ca.cer -format ascii

           For Windows:

           runmqckm -cert -add -db filename -pw password -label label -file intermediate_ca.cer -format ascii

  • -db filename is the fully qualified file name of a CMS key database, for example: dbkey.kdb
  • -pw password is the password for the CMS key database with an extansion .cms
  • -label is the key label attached to the certificate, for example: "ibmwebspheremqqmname"
  • -file filename is the fully qualified file name of the file containing the Intermediate CA certificate
  • -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII. The default is ascii.
     

Step 3: Obtain the SSL Certificate 

    1.    The RapidSSL certificate will be sent by email.
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file
            using Vi or Notepad.

            The text file should look like:

            -----BEGIN CERTIFICATE-----

                       [encoded data]

            -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.

           NOTE: The certificate can be also downloaded from the RapidSSL User Portal by
           following the steps from this link: SO16222

           Please select X.509 as a certificate format and copy only the End Entity Certificate.
 
    4.    Save the file with extansion .cer or .arm


Step 4: Install the SSL Certificate
 

    1.    To install a certificate in iKeycmd (using UNIX command line), run following command:

            For UNIX:

            gsk7cmd -cert -receive -file filename -db filename -pw password -format ascii 

            For Windows:

            runmqckm -cert -receive -file filename -db filename -pw password -format ascii  

  • -file filename is the fully qualified file name of the file containing the personal certificate. 
  • -db filename is the fully qualified file name of a CMS key database, for example: dbkey.kdb
  • -pw password is the password for the CMS key database with an extansion .cms
  • -label is the key label attached to the certificate, for example: "ibmwebspheremqqmname"
  • -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII. The default is ascii.
     

Steps 5: Extract SSL Certificate

    1.    To extract a certificate in iKeycmd, run following command:

           For UNIX:

           gsk7cmd -cert -extract -db filename -pw password -label label -target filename -format ascii

           For Windows

           runmqckm -cert -extract -db filename -pw password -label label -target filename -format ascii  

  • -db filename is the fully qualified pathname of a CMS key database.
  • -pw password is the password for the CMS key database with an extansion .cms
  • -label label is the label attached to the certificate.
  • -target filename is the name of the destination file
  • -format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII. The default is ascii
     

    2.    To verify if your certificate is installed correctly, use the RapidSSL Installation Checker


IBM Support

            For more information, refer to IBM documentation / IMB Support