HCL Workload Automation, Version 9.4

Migrating the certificates

This section describes the commands you must run to migrate certificates to the FIPS-compliant format, KDB.

Note that PEM format cannot be directly converted to KDB format; you must first convert PEM to PKCS12 and then to KDB.

The following list describes the commands you must run to convert from one format to another:

JKS format to KDB format

gsk7cmd -keydb -convert -db TWSClientKeyFile.jks -pw default -old_format jks -new_format cms

gsk7cmd -keydb -convert -db TWSClientTrustFile.kdb -pw default -old_format cms -new_format jks

PKCS12 format to KDB format

gsk7capicmd -cert -export -target TWSClientKeyFile_new.kdb -db TWSClientKeyFileP12.P12 -fips -target_type cms -type pkcs12

PKCS12 format to PEM format

openssl pkcs12 -in TWSClientKeyFileP12.P12 -out TWSClientKeyFile.pem

PEM format to PKCS12 format

openssl pkcs12 -export -in TWSClientKeyFile.pem -out cred.p12

KDB format to PKCS12 format

gsk7capicmd -cert -export -db TWSClientKeyFile.kdb -target TWSClientKeyFileP12.P12 -fips -target_type pkcs12 -type cms
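
The two-step PEM to KDB route from the note above (PEM to PKCS12, then PKCS12 to KDB), chained as an added example that is not part of the product documentation. It reuses the two commands listed on this page unchanged; the function names, the `DRY_RUN` switch and the PEM pre-check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumptions: function names, DRY_RUN switch, PEM pre-check.

# Succeeds only if the PEM file holds both a certificate and a private key.
# `openssl pkcs12 -export -in FILE` without -inkey reads the key from FILE.
pem_has_cert_and_key() {
    [ -r "$1" ] || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 1
    grep -Eq -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1" || return 1
}

# Print the command when DRY_RUN=1 (the default here), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# PEM -> PKCS12 -> KDB with the page's two commands, in that order.
pem_to_kdb() {
    pem=$1; p12=$2; kdb=$3
    if ! pem_has_cert_and_key "$pem"; then
        echo "refusing: $pem lacks a certificate or a private key" >&2
        return 1
    fi
    (
        # The intermediate PKCS12 file carries the private key: create it
        # readable by the owner only, and delete it once the KDB is verified.
        umask 077
        run openssl pkcs12 -export -in "$pem" -out "$p12" &&
        run gsk7capicmd -cert -export -target "$kdb" -db "$p12" \
            -fips -target_type cms -type pkcs12
    )
}

# Example: DRY_RUN=0 sh pem_to_kdb.sh TWSClientKeyFile.pem cred.p12 TWSClientKeyFile_new.kdb
if [ "$#" -eq 3 ]; then pem_to_kdb "$@"; fi
```

With `DRY_RUN` left at its default the script only prints the two commands, so the order and file names can be reviewed before anything touches the key material.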