I have created four liberty servers (Liberty1, Liberty2, Liberty3, Liberty4 as server names) and one IBM HTTP Server as front end. All my request are routing through the IHS. SSL has been installed and its between HTTP Server and Liberty1 server. I have generate merged Plugins of different Liberty Servers and propagate to IHS. Now my challenge is to merge the Plugin-cfg.kdb, pluging-cfg.rdb, plugin-cfg.sth file and copy it to the Webserver plugin folder for SSL to work on the Liberty servers. Could anyone provide me the commands to do the same. (Please not through ikeyman).
Asked
Active
Viewed 377 times
1 Answers
0
You only need to merge the CA certificates in the *.kdb. Here's an example script that extracts all the signers and collects them in a new keystore:
https://github.com/covener/plugin-tools/blob/master/mergekdbs.sh
if [ $# -lt 3 ]; then
echo "$0 merged.kdb old1.kdb old2.kdb [old3.kdb...]"
exit 1
fi
NEWKDB=$1
shift
if [ ! -f $NEWKDB ]; then
gskcapicmd -keydb -create -db $NEWKDB -pw WebAS -stash
fi
DIR=`mktemp -d`
for OLDKDB in "$@"; do
gskcapicmd -cert -list -stashed -db $OLDKDB| grep ^\!| cut -d\! -f 2|sed -e s'/"//g' \
| while read line; do
rm -f "$DIR/$line"
gskcapicmd -cert -extract -stashed -target "$DIR/$line" -label "$line" -db $OLDKDB
done
done
find $DIR -type f |
while read CA; do
gskcapicmd -cert -add -db $NEWKDB -stashed -file "$CA" -label "`basename "$CA"`"
done
covener
- 17,402
- 2
- 31
- 45
-
Note: uses a default password if a new keystore is specified as the first arg. – covener Nov 06 '17 at 15:04
-
Tks for the timely help – P Darius Nov 08 '17 at 06:06