ikeyman Utility
The "ikeyman" is a GUI utility for certificate management. You might be already familiar with this utility but this is a gentle effort from my side to provide an insight about this utility for the folks who are not aware of it. normally this utility will be there in the ..../jre/bin directory of Java installed location.
The figures below are self explainable hence i am not giving a detailed explanation.
Note:- Kindly post your comments, Add ons and offcourse the "likes" in this blog
Creating a new key database
Open ikeyman and then select "New" from "Key Database File" Menu. |
| Figure 1 |
 |
| Figure 1a |
2.) Enter a filename for new DB
3.) Type the location to store the Key DB file.
4.) Press Ok
 |
| Figure 1b |
 |
| Figure 1c |
This shows the filename and location of the DB and the certificate types. Confirm the filename and location of above screen (Figure 1c) with figure1a.
Receiving a personal certificate
You can receive your personal certificate from CA by using this option, This can be done only if you have raised the certificate request from current key DB file.
 |
| Figure 2a |
2.) Press receive button from right panel
 |
| Figure 2b |
 |
| Figure 2c |
You can see the personal certificate label here. This label would be the one which you have entered while creating the certificate request and it can be changed by using the option "Rename" at the right pannel.
Importing a certificate
This option is useful if you want import a certificate from another key DB file. Suppose you have created a certificate request from one of the key DB file and once after receiving the certificate from CA you want to add this to another key DB file, Here you can't use "Receive" option because you created the request from another Key DB file.
In this scenario you can use "Receive" option from the Key DB where you originally created the certificate request to receive the personal certificate and then import this certificate from any of the Key DB file.
 |
| Figure 4a |
Select "New" from "Key Database File" menu option
 |
| Figure 4b |
1.) Select the "Key Database File Type" value, This is the format of the key DB file. The available types are JKS, JCEKS and PKCS12.
2.) Enter a filename for new DB
3.) Type the location to store the Key DB file.
4.) Press OK
 |
| Figure 4c |
Enter password for new Key DB file.
 |
| Figure 4d |
1.) Select "Personal Certificate" from the drop down list
2.) Press import button from the right panel
 |
| Figure 4e |
1.) Select the key DB type of the file from where you want to import the certificate.
2.) Browse/Type the Key DB filename from where you want to import the certificate.
3.) Confirm/Type the location
4.) Press OK
 |
| Figure 4f |
Enter password of the Key DB file from where you want to import the certificate and then press OK
 |
| Figure 4g |
This will list the labels of available certificates.
1.) Select label of the certificate which you want to import.
2.) Press OK
 |
| Figure 4h |
Here you can change the label if you want. You can skip this if you done want a label change.
1.) Select the label
2.) Enter New Label
3.) Press Apply (after this the label testca will get changed to personalCert
4.) Press OK
 |
| Figure 4i |
This screen shows the label of the certificate which you imported just now. If you want you can select the label and press view/Edit to view the details of the certificate.
Creating a Self Signed Certificate
 |
| Figure 5a |
 |
| Figure 5b |
2.) Browse/Type the filename.
3.) Confirm/Type the location.
4.) Press OK
 |
| Figure 5c |
Enter the password of the Key DB file which you selected in Figure 5b
 |
| Figure 5d |
2.) Press "New Self Signed Certificate" Button in the right panel
3.) Enter the certificate details, I have marked certain key points here for you attention.
4.) Press OK
 |
| Figure 5e |
2.) Press View/Edit to view the newly created self singed certificate.
 |
| Figure 5f |
This screen shows the details of newly created self signed certificate.
Adding Signers
Open a Key DB file for adding the signers
 |
| Figure 6a |
 |
| Figure 6b |
1.) Enter/Browse the filename of the signer certificate which you want to add.
2.) Confirm the location of the file.
3.) Press OK.
 |
| Figure 6c |
Enter Label for the Signer certificate.
 |
| Figure 6d |
Extracting a Certificate
Open the Key DB File
 |
| Figure 6e |
1.) Select "Signer Certificate" from drop down list.
2.) Select the label of the certificate which you want to extract
3.) Press "Extract" from the right panel.
4a.) Select the Data type.
4b.) Enter a filename to store the extracted certificate.
4c.) Type the location of the file.
4d.) Press OK
This will create a file with the name testSignerExtract in the specified location and stores the signer certificate with the label "testSigner" in it.
Hi Prasanth,
ReplyDeleteI have a question here.
One of my application's certificate which is present in the path C:\Program Files (x86)\IBM\Websphere MQ\ssl in a key. kdb file is expiring on the end of this month.
I took 2 backups of the ssl folder and placed it in my local desktop.
I have created a new certificate and have successfully imported it into a keystore of one of the backups - This becomes the new ssl folder with 4 files namely key.crl. key.kdb. key.rdb and key.sth.
Now since I don't have admin access to overwrite this ssl folder in my local path, I asked one of my colleagues who has admin access to do so. After this overwrite I opened the keystore again but strangely the new certificate was not visible to me. The only thing that was visible were the signers.
Strangely enough when my colleague logged into my machine using admin access he was able to see the new certificate.
Is this issue related to access? My application is working as smooth as ever without any issues and I have verified thrice that I have followed correct procedure.
As a proof when I copy the newly updated ssl folder outside the path C:\Program Files (x86).....\ssl
to anywhere in my local it is actually showing the new cert in iKeyman. I checked with MQ guys in y team and they told its an access issue but I wanted to double check
Nice Blog !
ReplyDeleteOur experts at QuickBooks Customer Service make sure to offer you optimum results in these certainly unprecedented times.
It is very interesting fact, Amazing blog thank for share. Keep it ups
ReplyDeleteBulk PDF Signer