GithubHelp home page GithubHelp logo

tba1965 / dcm-tools Goto Github PK

View Code? Open in Web Editor NEW

This project forked from theprez/dcm-tools

0.0 0.0 0.0 225 KB

Command-line tools for working with Digital Certificate Manager (DCM) on IBM i

License: Apache License 2.0

Makefile 1.01% Shell 1.56% Java 97.42%

dcm-tools's Introduction

DCM Tools for IBM i

Command-line tools for working with Digital Certificate Manager (DCM) on IBM i.

Can be used in conjunction with CertBot to automate the acquisition/assignment/renewal of LetsEncrypt certificates

Currently still under development and without complete testing. Proceed at your own risk. I'm not kidding.

Current features

dcmimport

Used to import certificates into DCM.

It can be used to import files of type:

  • Binary DER-encoded certificate files
  • Binary DER-encoded certificate bundles
  • Human-readable DER-encoded certificate files
  • Human-readable DER-encoded certificate bundles
  • JKS trust stores
  • JCEKS trust stores
  • PKCS#12 or PFX bundles
  • A directory containing any of the above
  • A .zip file containing any of the above

It can also be used to fetch certificates from a remote host and import to DCM.

dcmexport

Used to export the entire DCM keystore to file

dcmexportcert

Used to export a single certificate from a DCM keystore to file

dcmassign

Used to assign a certificate to a registered application

dcmrenew

Used to renew a certificate, given a new certificate file, for instance, a new LetsEncrypt certificate from CertBot CertBot

Future features

Check out the issues board for this project to see things that may be future enhancements to this toolset

Have feedback or want to contribute?

Feel free to open an issue with any questions, problems, or other comments. If you'd like to contribute to the project, see CONTRIBUTING.md for more information on how to get started.

In any event, we're glad to have you aboard in any capacity, whether as a user, spectator, or contributor!

Installation

yum install https://github.com/ThePrez/DCM-tools/releases/download/v0.0.1/dcmtools-0.0.1-0.ibmi7.4.ppc64.rpm

Or, to build from source, clone this repository and run make install

Basic usage

Usage of the command is summarized as:

Usage: dcmimport  [options] [[filename] ..]

    Valid options include:
        -y:                            Do not ask for confirmation
        --password[=password]:         Indicate that the input file is password-protected,
                                       and optionally provide a password
        --dcm-store=<system/filename>: Specify the target keystore, or specify 'system'
                                       to indicate the *SYSTEM store (default)
        --dcm-password=<password>:     Provide the DCM keystore password (not recommended)
        --fetch-from=<hostname>[:port] Fetch CA certificate(s) from the given hostname/port
        --ca-only                      Only import CA Certificates
        --cert=<id>                    Recommend a certificate ID when imported into DCM
        --installed-certs:             import all certificates that are installed into PASE
                                       environment, for instance, certificates in the
                                       ca-certificates-mozilla package


Usage: dcmexport <filename>

    Valid options include:
        -y:                            Do not ask for confirmation
        --password[=password]:         Indicate that the output file is password-protected,
                                       and optionally provide a password
        --dcm-store=<system/filename>: Specify the target keystore, or specify 'system'
                                       to indicate the *SYSTEM store (default)
        --dcm-password=<password>:     Provide the DCM keystore password (not recommended)
        --format=<format>              Format of the output file (jceks, pks, pkcs12).
                                        (default: pkcs12)
                                        
                          
Usage: dcmexportcert [options] <filename>

    Valid options include:
        -y:                            Do not ask for confirmation
        --dcm-store=<system/filename>: Specify the target keystore, or specify 'system'
                                       to indicate the *SYSTEM store (default)
        --dcm-password=<password>:     Provide the DCM keystore password (not recommended)
        --cert=<id>:                   ID of the certificate to export
        --format=<format>:             Format of the output file (PEM/DER).
                                        (default: PEM)


Usage: dcmassign [options] <application_id>...

    Valid options include:
        -y:                              Do not ask for confirmation
        --cert=<id>:                     Certificate ID to assign
        --dcm-store=<system/filename>:   Specify the DCM certificate store, or specify 'system'
                                         to indicate the *SYSTEM store (default)

    For application id, specify the id as defined in DCM, or a 'shorthand' identifier.
    Valid shorthand identifiers include:
        5250
        TELNET
        HOSTSERVERS
        HOSTSERVER
        HOSTSVR
        CENTRAL
        DATABASE
        DTAQ
        NETPRT
        RMTCMD
        SIGNON
        FILE
        DIRSRV
        SMTP
        FTP
        POP
        OBJC
        
 
Usage: dcmrenew [[filename] ..]

    Valid options include:
        -y:                            Do not ask for confirmation

Usage examples

Import certs from file myfile:

dcmimport myfile

Import all PASE-installed certificates (such as ca-certificates-mozilla) into DCM, without asking questions:

dcmimport --installed-certs --target=system --dcm-password=abc123 -y

Import the Java certificates from JV1's Java 8

dcmimport /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts

Renew a LetsEncrypt certificate

/opt/certbot/bin/certbot renew
dcmrenew /etc/letsencrypt/live/mydomain.dom/fullchain.pem

dcm-tools's People

Contributors

theprez avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.