# Generate WAS admin console password
cat /opt/IBM/WebSphere85/AppServer/profiles/appprofile/properties/sas.client.props | grep -a2 "IIOP"; cat /opt/IBM/WebSphere85/AppServer/profiles/appprofile/properties/sas.client.props | grep -a2 "IIOP" | grep Password | awk -F{ '{print "{"$2}' | xargs /opt/IBM/WebSphere85/AppServer/java/bin/java -Djava.ext.dirs=/opt/IBM/WebSphere85/AppServer/plugins:/opt/IBM/WebSphere85/AppServer/lib com.ibm.ws.security.util.PasswordDecoder
# Renew WAS cert
###################################################
Client cert
###################################################
1.
/opt/IBM/WebSphere85/AppServer/java/bin/keytool -genkeypair -v -alias clientauth -keyalg RSA -keysize 2048 -validity 365 -sigalg SHA2withRSA -keystore clientauth-keystore.p12 -storetype pkcs12 -storepass abcdA2m7H0 -keypass abcdA2m7H0 -dname "CN=clientauth,O=The Corporation Limited,L=Hong Kong,C=CN"
2.
/opt/IBM/WebSphere85/AppServer/java/bin/keytool -certreq -alias clientauth -file clientauth-keystore.csr -keystore clientauth-keystore.p12 -storetype pkcs12
pwd: abcdA2m7H0
3. Import root
/opt/IBM/IBMIHS85/bin/gskcmd -cert -add -db clientauth-keystore.p12 -pw abcdA2m7H0 -file Root.cer -label abcdROOTCA
4. Import int
/opt/IBM/IBMIHS85/bin/gskcmd -cert -add -db clientauth-keystore.p12 -pw abcdA2m7H0 -file Int.cer -label abcdINTCA
5. Validation
/opt/IBM/IBMIHS85/bin/gskcmd -cert -receive -db clientauth-keystore.p12 -pw abcdA2m7H0 -file clientauth.cer
6. Check p12 status
/opt/IBM/IBMIHS85/bin/gskcmd -cert -details -db clientauth-keystore.p12 -pw abcdA2m7H0 -label clientauth
7. Import p12 into kdb
/opt/IBM/IBMIHS85/bin/gskcapicmd -cert -import -db clientauth-keystore.p12 -pw abcdA2m7H0 -target gss_fqdn.kdb -target_pw amh@2018Mar
###################################################
IHS cert
###################################################
1. Generate kdb/rdb/sth:
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -keydb -create -db gss_fqdn.kdb -pw amh@2018Mar -type cms -stash
2. Generate CSR:
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -certreq -create -db gss_fqdn.kdb -pw amh@2018Mar -size 2048 -dn "CN=gss_fqdn,O=The Corporation Limited,C=CN,L=Hong Kong" -file gss_fqdn.csr -label gss_fqdn
3. Verify CSR:
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -certreq -list -db gss_fqdn.kdb -pw amh@2018Mar
4. import root cer
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -cert -add -db gss_fqdn.kdb -pw amh@2018Mar -file Root.cer -label "abcd ORCA G2"
5. import issue cer
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -cert -add -db gss_fqdn.kdb -pw amh@2018Mar -file Int.cer -label "abcd Issuing CA02-G2"
6. receive signed cer
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -cert -receive -db gss_fqdn.kdb -pw amh@2018Mar -file gss_fqdn.cer
7. Trust server cert
keytool -import -v -file "c:\Memo\RBP\Lin\2017\2017_STMA\SRBPEQ-670 - Online HTTPS setup\AMH_UAT_Online\gss_fqdn.cer" -keystore "C:\Users\43384141\git\srbp-api\src\main\resources\key\abcdkeystore.jks" -alias gss_fqdn
keytool -import -v -file "c:\Memo\RBP\Lin\2017\2017_STMA\SRBPEQ-670 - Online HTTPS setup\AMH_UAT_Online\gss_fqdn.cer" -keystore "C:\Users\43384141\git\wealth-compliance-hk-abcd\src\main\resources\keyfiles\abcdkeystore.jks" -alias gss_fqdn
/opt/IBM/IBMIHS85/java/jre/bin/ikeycmd -cert -list -db gss_fqdn.kdb -pw amh@2018Mar