Examples for creating keystores using IBM® GSKit

This topic provides examples of creating keystores for TLS (Transport Layer Security) connections between database clients and servers. The examples use the "gsk8capicmd" tool provided by the IBM® Global Security Kit (GSKit), which supplies libraries and utilities for TLS communication. GSKit version 8 is installed with the Informix® database server and database client products. The examples have been tested on Linux (x86 64-bit) using GSKit 8.0.55.26. For more information on GSKit and a complete reference for the "gsk8capicmd" tool, see the "GSKCapiCmd User's Guide" at ftp://ftp.software.ibm.com/software/webserver/appserv/library/v80/GSK_CapiCmd_UserGuide.pdf.

IBM® GSKit is available for 32-bit as well as 64-bit architectures, and depending on the installed GSKit package, the "gsk8capicmd" utility has different names: simply "gsk8capicmd" for a 32-bit installation, and "gsk8capicmd_64" for a 64-bit installation. For simplicity, throughout this topic the utility is referred to just as "gsk8capicmd".

Remember: This topic is not a reference for the "gsk8capicmd" commands shown. Actual command syntax and functionality may change, especially with newer versions of GSKit.

The topic "Concepts of Keys, Certificates and Keystores for TLS" explains the advantages of using an in-house certificate authority (CA) vs. using only self-signed server certificates or involving a commercial CA. Therefore, this topic shows a simple example for setting up such an in-house CA.