Monday, February 14, 2011

Generate Key store 2048 in Websphere application server 6.x

Hello Everyone,

Last week one of my consultant had issues with creating SSL certificate 2048 in Websphere Application server v6.

We had apply some workaraounds for the same.


Problem discription :

The iKeyman utility within IBM HTTP Server V6.0 does not provide the option to create a certificate request (CSR) 2048 key size

After a CMS key database has been created using the iKeyman utility, in the task of creating a certificate request, the key size options listed are 512 and 1024.

After searching on google and IBM site we have found following cause :

By default, the iKeyman utility uses the Java 1.4 version of the gskikm.jar file installed with IBM HTTP Server V6.0. The file is located in the following directory:

/_jvm/jre/lib/ext/

The classes within this version of the gskikm.jar file only supply the key size options of 512 and 1024. By renaming and moving the gskikm.jar file from its default location, the iKeyman utility will load the Global Security Toolkit (GSKit) v7 classes providing an additional key size of 2048.


So for Resolving the problem we had Followed steps:

1. Stop the iKeyman utility.

2. Ensure the GSKit is installed with IBM HTTP Server V6.0, and has a 7.0.3.18 or higher version to support a key size of 2048. Applying the latest available IBM HTTP Server V6.0 fix pack will upgrade the GSKit V7 to a higher version.

OR

From the IBM HTTP Server Fixes web site, download and manually install the latest GSKit V7.0.4.28 ( PM07113 - IHS Version 6). A readme file will be included with instruction on how to install GSKit on a UNIX or Windows platform.

3. Rename and move the /_jvm/jre/lib/ext/gskikm.jar file to a directory that is not detectable to the JDK class path, extdirs, or bootclasspath.

For example:

From:

/_jvm/jre/lib/ext/gskikm.jar

To:

/_jvm/jre/lib/ext/gskfiles/gskikm.jar.org

4. Restart the iKeyman utility.

5. Follow the create a certificate request task and select the Key Size

Now we can see key size 2048 with 512 and 1024, before troubleshooting this problem i was not aware of this reasons.

So finally we resolve the issue and thanks to google and IBM site..... :)

Enjoy wroking with Middleware... Hope it will help you,,,


Regards,
Ajinkya Vichare
Posted by at

1 comment:

  1. Raju SwargamJuly 20, 2011 at 5:18 PM

    hi Ajinkya,

    First of all,I congratulate to u because of u r help.

    I had an issue in OIM.

    Actually am very new to OIM, according to my requirement i have to create a form and publish the form. I tried so many ways, the problem is am creating the form but am unable to publish and use..
    can u let me know the same..

    From Last couple of days am struggle with the same.


    Regards
    Raju Swargam

    ReplyDelete

Subscribe to: Post Comments (Atom)