Use iKeyman, IKEYCMD, and GSKCapiCmd
On UNIX and Windows systems, manage keys and digital certificates with the iKeyman GUI or from the command line using IKEYCMD or GSKCapiCmd.
- For UNIX systems:
- Use the gsk7ikm command to start the iKeyman GUI.
- Use the gsk7cmd command to perform tasks with the IKEYCMD command line interface.
- Use the gsk7capicmd command to perform tasks with the GSKCapiCmd command line interface. The command syntax for gsk7capicmd is the same as the syntax for gsk7cmd.
If we need to manage SSL certificates in a way that is FIPS and Common Criteria compliant, use the gsk7capicmd command instead of the gsk7cmd or runmqckm commands. This is because the gsk7capicmd command supports stronger encryption than the other commands.
See the WebSphere MQ System Administration Guide for a full description of the IKEYCMD and GSKCapiCmd command line interfaces.
Before you run the gsk7ikm command to start the iKeyman GUI, ensure you are working on a machine that is able to run the X Window System and that you do the following:
- Set the DISPLAY environment variable, for example:
export DISPLAY=mypc:0- Ensure that your PATH environment variable contains /usr/bin and /bin. This is also required for the gsk7cmd and gsk7capicmd commands. For example:
export PATH=$PATH:/usr/bin:/bin- Set the JAVA_HOME environment variable:
These are also required for the gsk7cmd command.
AIX export JAVA_HOME=/usr/mqm/ssl/jre HP-UX export JAVA_HOME=/opt/mqm/ssl/jre Linux export JAVA_HOME=/opt/mqm/ssl/jre Solaris export JAVA_HOME=/opt/mqm/ssl
- For Windows systems:
- Use the strmqikm command to start the iKeyman GUI.
- Use the runmqckm command to perform tasks with the IKEYCMD command line interface.
- Use the gsk7capicmd command to perform tasks with the GSKCapiCmd command line interface. The command syntax for gsk7capicmd is the same as the syntax for runmqckm.
Before you run gsk7capicmd on Windows, set your PATH environment variable to include the GSKit binary and library directories. For example, at the command line, enter:
set PATH=%PATH%;C:\\IBM\gsk7\bin;C:\Program Files\IBM\gsk7\lib
See the WebSphere MQ System Administration Guide for more information on the strmqikm, runmqckm, and gsk7capicmd commands.
To request SSL tracing on UNIX or Windows systems, see the WebSphere MQ System Administration Guide.
Parent topic:
Working with the Secure Sockets Layer (SSL) on UNIX and Windows systems
sy12140_