Displaying default keys and certificate authorities within a key database

Home

Displaying default keys and certificate authorities

This section describes how to view trusted certificate authorities and display default keys within a key database.
A trusted certificate authority (CA) issues and manages public keys for data encryption. A key database is used to share public keys that are used for secure connections. The tasks that follow show how to view the certificate authorities that are in your database, along with their expiration dates.
Display a list of trusted CAs in a key database by entering the following command as one line:
/IBM/IHS/bin/gsk7cmd -cert -list CA -db < dbname > -pw <password> -type <cms | jks |jceks | pkcs12>
Display a list of certificates in a key database and their expiration dates by enter the following command:
/IBM/IHS/bin/gsk7cmd -cert -list -expiry < days > -db < filename > -pw < paswsword > - type < type >
where:

-cert indicates the operation applies to a certificate.
-list <all | personal | CA | site> specifies a list action. The default is to list all certificates.
-expiry <days> indicates that validity dates should be displayed. Specifying the number of days is optional, though when used will result in displaying all certificates that expire within that amount of days. To list certificates that have already expired, enter the value 0.
-db <filename> is the name of the key database. It is used when you want to list a certificate for a specific key database.
-pw <password> specifies the password to access the key database.
-type <cms | JKS | JCEKS | pkcs12> specifies the type of database.