I'm an active Experts Exchange contributor, and there's this SSL/kdb problem. I'm indulging myself by publishing my comment on one of the questions (http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_27794894.html) here (with some edits):
On the CMS format (IBM Key Database file) and the problems with opening it with your ikeyman tool (with WebSphere Java):
- CMS is an IBM proprietary format (like LTPA) and is not available in non-IBM JREs/JDKs, BUT I also had this issue that WAS's JDK could not open CMS (kdb) files - I can't really say why, as I did not troubleshoot it. The workaround that worked for me was to run ikeyman not from /opt/IBM/WebSphere/AppServer/java but from a different WAS package JRE - like UpdateInstaller or InstallationManager - I'm sure you have either installed on your machine, so try them.
I just now checked what it looks like when running ikeyman from: C:\Program Files (x86)\IBM\WebSphere\AppSer
- The difference between kdb and p12 is - at least this is the "empirical" difference experienced by me - that kdb usually houses many certificates (signer and personal) for use by applications, whereas p12 is usually used to carry one certificate from an issuer to the owner (for instance, I get my corporate certificate in p12 from the supplier). Just "any" Java keytool or any gsk7 won't be able to open a kdb file; it must be somewhere near ;) WebSphere
- If you use a kdb file for your IHS, don't forget to indicate your certificate as "default" in the kdb file. I was looking for a way to set the cert alias to use from within the httpd.conf file, but it seems to be impossible
- I thought that IHS uses ONLY the kdb database to get certificates from, but I just found that you may simply supply a crt file - PEM encoded (example: http://rimuhosting.com/howto/modssl.jsp)
http://pic.dhe.ibm.com/inf