Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Install VIOS SSL Certificate on Integrated Virtualization Manager
Operating Systems AIX Install VIOS SSL Certificate on Integrated Virtualization Manager Post 303027219 by JAY2068 on Tuesday 11th of December 2018 10:17:42 AM
Old 12-11-2018
None of those links is what I have. I do not have "IBM Spectrum Control" available to me. I have a P8 with AIX installed with three LPARS the vios has a website that controls the LPAR's. It has a self signed cert. We need to put our own certificate on this.


The second link shows using '/opt/ibm/ccm/create_security_artifacts.sh' but that file is not found anywhere on my VIOS.


I think the keystore is here (not 100% sure): /usr/ios/lpm/gui/httpd/security/keystore/ibmjsse2.jks and .jts
 

9 More Discussions You Might Find Interesting

1. Web Development

SSL Certificate Installation problem

Hello everybody Hope somebody can help me I'm trying to install SSL Certificate on Apache/mod_ssl on Linux with Zend for Oracle. I bought and downloaded certificate from certificate from Network Solutions. Than I followed the instructions to the dot. I created a directory for certificate... (2 Replies)
Discussion started by: Trusevich
2 Replies

2. Web Development

SSL certificate

Dear All Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
Discussion started by: netxus
1 Replies

3. AIX

Installing SSL certificate on AIX

Hello, I am new in UNIX, and some one asks me to install SSL certificates to allow exchange with an external system. Can someone tell how to install certificate (ex : verisignxxx.cer) on a UNIX server? Many thanks. Tibo (4 Replies)
Discussion started by: tibo51
4 Replies

4. Cybersecurity

SSL certificate

Hi guys. I have some questions about ssl certificates. I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain. my server host name is: srv1.example.com I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Discussion started by: majid.merkava
1 Replies

5. Web Development

export SSL certificate

we are doing TCP for our systems. I have a working SSL certificate on prodction webserver. Im planning to export it to our DR server for TCP purposes. However when I export based on the procedure below, it doesn't work. When I restart the DR webserver, it still says the certifcate is expired.Any... (1 Reply)
Discussion started by: lhareigh890
1 Replies

6. AIX

IBM Integrated Virtualization Manager

We have AIX runninng on IBM Bladecenter When opening a terminal window for one of the lpars, in Internet explorer it opens a pop up window and I can login, but when using Mozilla Firefox the popup window is closed immediately or doesn't even open. Please help. (1 Reply)
Discussion started by: wjace
1 Replies

7. Red Hat

SSL Certificate Renewal on Tomcat

Hi, I want to renew the ssl certificate for one of my application on tomcat without down time. I want to know what would the possible impacts for the users who currently have sessions to the app. Regards, Arumon (1 Reply)
Discussion started by: arumon
1 Replies

8. Cybersecurity

SSL Certificate Stores

Hey everyone, I'm trying to get a lay of the land for OS and Application Certificate Stores. Can someone confirm that I have this concept right? If the application you're using say Firefox has it's own trusted CA store, it uses that exclusively. So if you're running firefox in Windows, Firefox... (4 Replies)
Discussion started by: Lost in Cyberia
4 Replies

9. Web Development

CronJobs issues after SSL certificate

Hello! I had a cron job running on my website, activating a php script every friday. The Php script just activated another photo to add in the gallery. It worked fine until I got an SSL certificate for my website, then everything broke. This was the command before: lynx -source... (0 Replies)
Discussion started by: AGDesign
0 Replies

LEARN ABOUT HPUX

pkgadm

pkgadm(1M)                                                                                                                              pkgadm(1M)

NAME

       pkgadm - manage packaging and patching system

SYNOPSIS

       pkgadm addcert [-ty] [-a app] [-k keystore] [-e keyfile] [-f format] [-n name] [-P passarg] [-p import_passarg] [-R rootpath] certfile

       pkgadm removecert [-a app] [-k keystore] -n name [-P passarg] [-R rootpath]

       pkgadm listcert [-a app] [-f format] [-k keystore] -n name [-P passarg] [-o outfile] [-R rootpath]

       pkgadm dbstatus [-R rootpath]

       pkgadm -V

       pkgadm -?

       The  pkgadm  utility  is  used  for  managing the packaging and patching system. It has several subcommands that perform various operations
       relating to packaging. The pkgadm command includes subcommands for managing certificates and keys used.

   Managing Keys and Certificates
       pkgadm maintains the packaging-system-wide keystore in /var/sadm/security, and individual user's certificates in ~/.pkg/security. The  fol-
       lowing subcommands operate on the package keystore database:

       addcert

           Add  (import) a certificate into the database, with optional trust. Once added, trusted certificates can be used to verify signed pack-
           ages and patches. Non-trusted user certificates and their associated keys can be used to sign packages and patches. Added user certifi-
           cates are not used to build certificate chains during certificate verification.

       removecert

           Removes  a  user certificate/private key pair, or a trusted certificate authority certificate from the keystore. Once removed, the cer-
           tificate and keys cannot be used.

       listcert

           Print details of one or more certificates in the keystore.

   Internal Install Database
       The Solaris operating system relies upon enhanced System V revision 4 (SVr4) packages as the basis for its software installation and  revi-
       sion management. The package maintenance software stores information about installed packages in an internal database. The pkgadm subcomand
       dbstatus is used to determine how the package internal database is implemented. The dbstatus command returns a string  that  indicates  the
       type  of internal database in use. In the current implementation, the dbstatus command always returns the string text, which indicates that
       the contents(4) package database is inuse. Future releases of Solaris might supply alternative database implementations.

       The following options are supported:

       -a app

           If this option is used, then the command only affects the keystore associated with a particular application. Otherwise, the global key-
           store is affected.

       -e keyfile

           When  adding  a  non-trusted certificate/key combination, this option can be used to specify the file that contains the private key. If
           this option is not used, the private key must be in the same file as the certificate being added.

       -f format

           When adding certificates, this specifies the format to expect certificates and private keys in. Possible values when adding are:

           pem             Certificate and any private key uses PEM encoding.

           der             Certificate and any private key uses DER encoding.

           When printing certificates, this specifies the output format used when printing. Acceptable values for format are:

           pem             Output each certificate using PEM encoding.

           der             Output each certificate using DER encoding.

           text            Output each certificate in human-readable format.

       -k keystore

           Overrides the default location used when accessing the keystore.

       -n name

           Identifies the entity in the store on which you want to operate. When adding a user certificate, or removing certificates, this name is
           required. The name is associated with the certificate/key combination, and when adding, can be used later to reference the entity. When
           printing certificates, if no alias is supplied, then all keystore entities are printed.

       -o outfile

           Output the result of the command to outfile. Only used when examining (printing) certificates from the key store. Standard out  is  the
           default.

       -P passarg

           Password  retrieval  method to use to decrypt keystore specified with -k, if required. See PASS PHRASE ARGUMENTS in pkgadd(1M) for more
           information about the format of this option's argument. console is the default.

       -p import_passarg

           This option's argument is identical to -P, but is used for supplying the password used to decrypt the certificate  and/or  private  key
           being added. console is the default.

       -R rootpath

           Defines  the  full  name  of  a  directory  to  use  as  the  root (/) path. The default user location of the certificate operations is
           ${HOME}/.pkg. If the -R option is supplied, the certificates and keys will be stored under <altroot>/var/sadm/security. Note that  this
           operation  fails  if the user does not have sufficient permissions to access this directory. The listcert command requires read permis-
           sion, while addcert and removecert require both read and write permission.

           Note -  The root file system of any non-global zones must not be referenced with the -R option. Doing so might damage the global zone's
                   file  system,  might  compromise  the  security  of  the  global  zone, and might damage the non-global zone's file system. See
                   zones(5).

       -t

           Indicates the certificate being added is a trusted CA certificate. The details of the certificate (including the Subject Name, Validity
           Dates,  and  Fingerprints)  are  printed  and the user is asked to verify the data. This verification step can be skipped with -y. When
           importing a trusted certificate, a private key should not be supplied, and will be rejected if supplied. Once a certificate is trusted,
           it can be used as a trust anchor when verifying future untrusted certificates.

       -V

           Print version associated with packaging tools.

       -y

           When  adding  a trusted certificate, the details of the certificate (Subject name, Issuer name, Validity dates, Fingerprints) are shown
           to the user and the user is asked to verify the correctness before proceeding. With -y, this additional verification step is skipped.

       -?

           Print help message.

       The following operand is supported:

       certfile

           File containing the certificate and optional private key, used when adding a trust anchor or certificate/key combination.  Certificates
           must be encoded using PEM or binary DER.

KEYSTORE ALIASES

       All keystore entries (user cert/key and trusted certificate entries) are accessed via unique aliases. Aliases are case-sensitive.

       An  alias  is  specified  when you add an entity to a keystore using the addcert or trustcert subcommand. If an alias is not supplied for a
       trust anchor, the trust anchor's Common Name is used as the alias. An alias is required when adding a signing certificate or chain certifi-
       cate. Subsequent pkgcert or other package tool commands must use this same alias to refer to the entity.

KEYSTORE PASSWORDS

       See pkgadd(1M) for a description of the passwords supplied to this utility.

       Example 1: Adding a Trust Anchor

       The following example adds a well-known and trusted certificate to be used when verifying signatures on packages.

       example% pkgadm addcert -t /tmp/certfile.pem

       Example 2: Adding a Signing Certificate

       The following example adds a signing certificate and associated private key, each of which is in a separate file, which can then be used to
       sign packages.

       example% pkgadm addcert -a pkgtrans -e /tmp/keyfile.pem 
       /tmp/certfile.pem

       Example 3: Printing Certificates

       The following example prints all certificates in the root keystore.

       example% pkgadm listcert

       0

           successful completion

       non-zero

           fatal error

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWpkgcmdsu                 |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

       pkginfo(1), pkgmk(1), pkgparam(1), pkgproto(1), pkgtrans(1), installf(1M), pkgadd(1M), pkgask(1M), pkgrm(1M), removef(1M),  admin(4),  con-
       tents(4), exec_attr(4), pkginfo(4), attributes(5), rbac(5)

                                                                    6 Apr 2005                                                          pkgadm(1M)
All times are GMT -4. The time now is 11:36 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy