| Author |
Message
|
| KIT_INC |
 Posted: Tue Aug 02, 2011 5:33 am Post subject: gsk7cmd question |
 |
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
Using the gsk7cmd I can export and import certificates.
I can also extract and add certificates. Can someone point me to some documentations or help me to understand what's the difference between using export and import versus using extract and add ? |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Aug 02, 2011 6:18 am Post subject: Re: gsk7cmd question |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| KIT_INC wrote: |
Using the gsk7cmd I can export and import certificates.
I can also extract and add certificates. Can someone point me to some documentations or help me to understand what's the difference between using export and import versus using extract and add ? |
AFAIK export import is for the full store vs add and extract is for single certs.
For doc there is a pdf somewhere. A quick google search for gsk7cmd or gsk7capicmd should have revealed plenty of material... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Aug 02, 2011 6:19 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
I'd thought it was the difference between working with the keystore and the truststore?
That you could export and import certs from the keystore and add/remove them from the truststore. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Aug 02, 2011 6:25 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqjeff wrote: |
I'd thought it was the difference between working with the keystore and the truststore?
That you could export and import certs from the keystore and add/remove them from the truststore. |
I believe that distinction is made with the -trusted yes flag on the inbound side, on the outbound it would be by the name/label of the cert...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| KIT_INC |
| Posted: Tue Aug 02, 2011 6:49 am Post subject: |
|
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
This is what I get from the MQV7 info center regarding comands for CMS or PKC12 data base.
–cert –import
Import a personal certificate from a key database
–cert –export
Export a personal certificate and its associated private key from a key database into a PKCS #12 file, or to another key database
–cert –extract
Extract a certificate from a key database
–cert –add
Add a certificate from a file into a key database
–cert –receive
Receive a certificate from a file
Under import and export, it says personal certificate but nothing under extract and add.
Does it mean that I should use export and import for personal certs and extract and add for signer certs ?
Not sure when to use receive ? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Aug 02, 2011 10:17 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| KIT_INC wrote: |
This is what I get from the MQV7 info center regarding comands for CMS or PKC12 data base.
–cert –import
Import a personal certificate from a key database
–cert –export
Export a personal certificate and its associated private key from a key database into a PKCS #12 file, or to another key database
–cert –extract
Extract a certificate from a key database
–cert –add
Add a certificate from a file into a key database
–cert –receive
Receive a certificate from a file
Under import and export, it says personal certificate but nothing under extract and add.
Does it mean that I should use export and import for personal certs and extract and add for signer certs ?
Not sure when to use receive ? |
No it means that you can change the format of the store from pkcs12 to CMS to JKS using import / export commands.
add / receive and extract are then used to manipulate the individuals certs and interface with the outside world (pem, X509, etc...).
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
