Use the GSKCapiCmd tool. GSKCapiCmd is a tool that manages
keys, certificates, and certificate requests within a CMS key database.
The tool has all of the functionality that the existing GSKit Java™ command line tool has, except GSKCapiCmd
supports CMS and PKCS11 key databases. If you plan to manage key databases
other than CMS or PKCS11, use the existing Java tool.
You can use GSKCapiCmd to manage all aspects of a CMS key database.
GSKCapiCmd does not require Java to
be installed on the system.
<ihsinst>/bin/gsk7capicmd -certreq -create -db <name> [-crypto <module name> [-tokenlabel <token label>]]
[-pw <passwd>] -label <label> -dn <dist name> [-size <2048 | 1024 | 512>] -file <name> [-secondaryDB
<filename> -secondaryDBpw <password>] [-fips] [-sigalg <md5 | sha1
|sha224|sha256|sha384|sha512> ![[sep2010]](../../deltaend.gif)
sep2010
]
Avoid trouble: ![[sep2010]](../../delta.gif)
On Unix type operating
systems it is recommended to always encapsulate string values associated
with all tags in double quotes (“”). You will also need to escape,
using a ‘\' character, the following characters if they appear
in the string values: ‘!', ‘\', ‘”', ‘`'. This
will prevent some command line shells from interpreting specific characters
within these values. (e.g. gsk7capicmd –keydb –create –db “/tmp/key.kdb”
–pw “j\!jj”). Note however when prompted by gsk7capicmd for a value
(for example a password) quoting the string and adding the escape
characters should not be done. This is because the shell is no longer
influencing this input.
![[sep2010]](../../deltaend.gif)
sep2010
gotcha