Creating your own Certificate Authority
Create the CA on any workstation in your network. Run the following
steps only once to create a CA that will be used each time a new certificate
needs to be created and signed.
- Enter the following command to create the CMS key database “ca.kdb”
with password “password00” that expires after 1000 days.
gsk7capicmd -keydb -create -db ca.kdb -pw password00 -stash -expire 1000 -fips
- Enter the following command to create the self-signed certificate
with label “CA certificate” using the distinguished name “CN=CA certificate,O=IBM,OU=TWS,C=IT”.
The certificate expires after 1000 days.
gsk7capicmd -cert -create -db ca.kdb -pw password00 -label "CA certificate" -size 2048 -expire 1000 -dn "CN=CA certificate,O=IBM,OU=TWS,C=IT"
- Enter the following command to extract the CA certificate into
the external file “CA.crt”. The certificate is identified by its
label.
gsk7capicmd -cert -extract -db ca.kdb -pw password00 -label "CA certificate" -target CA.crt
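
Before the extracted certificate is added to other key databases, it is worth confirming that the file holds what the steps above were meant to produce. The following script is an added example, not part of the original procedure or of the product: it uses OpenSSL (assumed to be installed) and a hypothetical function name check_ca_cert, and it assumes the extracted file is Base64 (PEM) encoded.

```shell
#!/bin/sh
# Added example: sanity-check an extracted CA certificate with OpenSSL.
# Assumptions: openssl is on PATH and the file is Base64 (PEM) encoded;
# for a binary DER file add "-inform DER" to each openssl x509 call.

# check_ca_cert FILE [MIN_BITS] [MIN_DAYS_LEFT]
# Returns 0 when issuer and subject DN match (self-signed), the public key
# has at least MIN_BITS bits and the certificate is still valid in
# MIN_DAYS_LEFT days. Returns 1 on a failed check, 2 if FILE cannot be parsed.
check_ca_cert() {
    cert=$1
    min_bits=${2:-2048}
    min_days=${3:-30}

    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253) || return 2
    bits=$(openssl x509 -in "$cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)

    # Print what an operator compares by eye: the DN given with -dn and the
    # fingerprint to confirm out of band before other key databases trust it.
    echo "$subject"
    openssl x509 -in "$cert" -noout -enddate -fingerprint -sha256

    if [ "${subject#subject=}" != "${issuer#issuer=}" ]; then
        echo "FAIL: issuer differs from subject (${issuer#issuer=})" >&2
        return 1
    fi
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key size ${bits:-unknown} is below $min_bits bits" >&2
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 1
    fi
    echo "OK: self-signed, $bits-bit key, valid for more than $min_days days"
}

# Run against a file when one is given, e.g.: sh check_ca_cert.sh CA.crt
if [ "$#" -gt 0 ]; then
    check_ca_cert "$@"
fi
```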