Anywhere you go, let me go too

Creating a certification authority in IBM MQ

Creating the CA's key repository
----------------------
On Windows and UNIX systems each key database file has an associated
password stash file. This file holds encrypted passwords that allow
programs to access the key database.
The password stash file must be in
the same directory and have the same file stem as the key database, and
must end with the suffix .sth, for example
/var/mqm/qmgrs/QM1/ssl/key.sth
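
The placement rule above can be checked mechanically. The following Python check is an added example, not part of the original post or of IBM's tooling; the function names are hypothetical, and the permission test (no access for "other" users on UNIX) is an assumed local policy, chosen because anyone who can read both the key database and its stash file can open the repository.

```python
import os
import stat
import sys
from pathlib import Path


def stash_path_for(keydb):
    """Stash file location: same directory, same file stem, suffix .sth."""
    return Path(keydb).with_suffix(".sth")


def audit_key_repository(keydb):
    """Return a list of findings for a key database and its stash file."""
    keydb = Path(keydb)
    if not keydb.is_file():
        return [f"key database not found: {keydb}"]
    findings = []
    stash = stash_path_for(keydb)
    if not stash.is_file():
        # A stash file with a different stem sits unused next to the database.
        strays = sorted(p.name for p in keydb.parent.glob("*.sth"))
        hint = f" (found instead: {', '.join(strays)})" if strays else ""
        findings.append(f"expected stash file {stash.name} is missing{hint}")
    # Assumed policy: on UNIX neither file grants any access to "other" users,
    # because reading both files is enough to open the repository.
    if os.name == "posix":
        for path in (keydb, stash):
            if path.is_file() and path.stat().st_mode & stat.S_IRWXO:
                findings.append(f"{path.name} is accessible to other users")
    return findings


if __name__ == "__main__":
    # Audit the paths given on the command line, or the example path from the text.
    targets = sys.argv[1:] or ["/var/mqm/qmgrs/QM1/ssl/key.kdb"]
    for target in targets:
        for finding in audit_key_repository(target):
            print(f"{target}: {finding}")
```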

 -----------------------------------------
Supported key repository types

C:\Program Files\IBM\WebSphere MQ\bin>runmqckm -keydb -list
5724-H72 (C) Copyright IBM Corp. 1994, 2004.  ALL RIGHTS RESERVED.
目前支援的金鑰資料庫類型。
     CMS
     JKS
     JCEKS
     CMS Cryptographic Token
     PKCS12
     Microsoft Certificate Store

------------------------------------------------------------------------------------

Create a key repository for the CA
CORP
C:\Program Files\IBM\WebSphere MQ\bin>
runmqckm -keydb -create -db "C:\Program Files\IBM\WebSphere MQ\ssl\CA\ftms_ca.kdb" -type cms -pw 1234 -stash
---------------------------
Create your self-signed CA certificate (that is, a certificate whose issuer and subject are the same)
runmqckm -cert -create -db "C:\Program Files\IBM\WebSphere MQ\ssl\CA\ftms_ca.kdb" -pw 1234 -type cms -label "ftmsCAcertificate" -dn "CN=FTMS_CA,OU=INFO,O=MEGA,C=TW,L=TAIPEI" -size 1024 -x509version 3 -expire 3650

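[Note]
The CA certificate is created inside the key repository. It is not yet
extracted into a file – we will do this in Step 1.3.
The command above uses -size 1024; the -cert -create syntax listed at the
end of this page also accepts 2048, and a 1024-bit key is weak for a CA by
current standards.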

------------------------------------------
Step 1.3: Extract the CA certificate (export the CA certificate from the key repository)
C:\Program Files\IBM\WebSphere MQ\bin>

runmqckm -cert -extract -db "C:\Program Files\IBM\WebSphere MQ\ssl\CA\ftms_ca.kdb" -pw 1234 -type cms -label "ftmsCAcertificate" -target "C:\Program Files\IBM\WebSphere MQ\ssl\CA\ftmsCAcertificate.cer" -format ascii

[Note]
The CA certificate is added into the key repositories of other
entities, in order to make those entities trust the CA.
------------------------------------------
runmqckm -help
5724-H72 (C) Copyright IBM Corp. 1994, 2004.  ALL RIGHTS RESERVED.
物件     動作         說明
----     ------       ---------------------------------------------------------
-keydb   -changepw    變更金鑰資料庫的密碼
         -convert     轉換金鑰資料庫的格式
         -create      建立金鑰資料庫
         -delete      刪除金鑰資料庫
         -stashpw     將金鑰資料庫的密碼貯藏在檔案中
         -list        目前支援的金鑰資料庫類型。
-cert    -add         新增 CA 憑證
         -create      建立自我簽章的憑證
         -delete      刪除憑證
         -details     顯示特定憑證的明細
         -export      將個人憑證和相關私密金鑰匯出至
                      PKCS12 檔或金鑰資料庫
         -extract     從金鑰資料庫取出憑證
         -getdefault  顯示預設的個人憑證
         -import      從金鑰資料庫或 PKCS12 檔匯入憑證
         -list        列出金鑰資料庫中的憑證
         -modify      修改憑證(附註:可修改的欄位
                      只有信任欄位)
         -receive     接收憑證
         -setdefault  設定預設的個人憑證
         -sign        簽章憑證
-certreq -create      建立憑證要求
         -delete      刪除憑證要求資料庫的憑證
                      要求
         -details     顯示特定憑證要求的明細
         -extract     從憑證要求資料庫取出憑證
         -list        列示憑證要求資料庫中的所有憑證
                      要求
         -recreate    重建憑證要求
-version              顯示 ikeycmd 版本資訊
-help                 顯示這個說明本文
-------------------------------------------
-cert -create [-db <name>] [-crypto <module name> [-tokenlabel <token label>]|[-relativeSlotNumber <slot_number>]] [-pw <passwd>] [-type <cms | jks | jceks | pkcs12>] -label <label> -dn <dist name> [-size <2048 | 1024 | 512>] [-san_ipaddr <ip addr>[,<ip addr>]] [-san_dnsname <dns name>[,<dns name>]] [-san_emailaddr <email addr>[,<email addr>]] [-x509version <1 | 2 | 3>] [-default_cert <yes | no>] [-expire <days>] [-usereasoncode] [-ca <true | false>]
-------------------------------------------
-cert -import -db <name> [-pw <passwd>] -label <label> [-type <cms | jks | jceks>] [-target <name> -target_pw <passwd>] [-target_type <cms | jks | jceks | pkcs12>] [-new_label <label>] [-crypto <module name> [-tokenlabel <token label>]|[-relativeSlotNumber <slot_number>] -pw <passwd>] [-secondaryDB <filename> -secondaryDBpw <password>] [-usereasoncode]
---------------------------------------------
-cert -import -file <name> [-type <pkcs12>] [-target <name> -target_pw <passwd>] [-target_type <cms | jks | jceks | pkcs12>] [-pfx] [-crypto <module name> [-tokenlabel <token label>]|[-relativeSlotNumber <slot_number>] -pw <passwd>] [-secondaryDB <filename> -secondaryDBpw <password>] [-usereasoncode]
--------------------------------------------
-cert -extract [-db <name>] [-crypto <module name> [-tokenlabel <token label>]|[-relativeSlotNumber <slot_number]] [-pw <passwd>] [-type <cms | jks | jceks | pkcs12>] -label <label> -target <name> [-format <ascii | binary>] [-usereasoncode]
 

