IBM GSK application object

Defines the data necessary for Trust Protection Platform to provision certificates to network devices in the IBM Global Security Kit (GSK) format used by application servers like IBM HTTP Server and WebSphere.

Note: When assigning the private key password credential for the GSK keystore, avoid using backslash (\) characters.

GSK attributes (* indicates a required attribute)

Attribute

Description

Backup Store

UI: NA
Required: No

Policy Definable: No. Default: 0

A value of 1 specifies that Trust Protection Platform should back up the keystore prior to manipulating it. This attribute may be deprecated.

Certificate Label

UI: Certificate Label
Required: Yes

Policy Definable: Yes. Default: NA

Create Store

UI: Create
Required: No

Policy Definable: Yes. Default: 0

A value of 1 specifies that Trust Protection Platform should create a new keystore file if one does not already exist.

Default Cert

UI: Default Certificate
Required: No

Policy Definable: Yes. Default: 0

A value of 1 specifies that the certificate should be designated as the default certificate in the keystore.

Disable SSH History

UI: Disable SSH History
Required: No

Policy Definable: Yes. Default: 0

A value of 1 stops writing the executed SSH commands into the History log.

File Validation Disabled

UI: Disable File Validation
Required: No

Policy Definable: Yes. Default: 0

  • 0 = Validate. Authenticate to the managed device using assigned credentials.
  • 1 = Disable validation.

Fips Key

UI: Use FIPS
Required: No

Policy Definable: Yes. Default: 0

Specifies how the certificate and private key are generated and installed. The GSK device requires the Federal Information Processing Standard (FIPS) module.

  • 1 = Use FIPS standards.

Hide Command Line Passwords

UI: Hide Command Line Passwords
Required: No

Policy Definable: Yes. Default: 1

A value of 1 masks the password with a string like 'HIDDENPASS0'.

Java Home Path

UI: Java Home Path
Required: No

Policy Definable: Yes. Default: 0

The value of the JAVA_HOME environment variable that identifies the location of the IBM JRE required by the GSKit utilities. If blank, Trust Protection Platform will rely upon the user’s environment settings to specify the JAVA_HOME.

Key Store

UI: Key Store Path
Required: Yes

Policy Definable: Yes. Default: NA

The full path and filename of the keystore that Trust Protection Platform is to manage.

Key Store Credential

UI: Key Store Credential
Required: Yes

Policy Definable: Yes. Default: NA

The Distinguished Name (DN) of the Password Credential object that defines the password used to secure the keystore.

Key Store Validation Disabled

UI: Disable Key Store Validation
Required: No

Policy Definable: Yes. Default: 0

A value of 0 specifies that Trust Protection Platform should perform key store validation by authenticating to the managed device using assigned credentials.

A value of 1 specifies that Trust Protection Platform should not perform key store validation.

Network Validation Disabled

UI: Disable Network Validation
Required: No

Policy Definable: Yes. Default: 0

Network validation by Trust Protection Platform:

  • 0 = Perform network validation by making an SSL connection to the managed device.
  • 1 = Do not perform network validation.

Password Expire Days

UI: Password Valid For
Required: No

Policy Definable: No. Default: 0

The number of days that the password can be used to access the keystore before the keystore becomes inaccessible. A value of 0 specifies that the password does not expire.

Recycle Alias

UI: Reuse Label
Required: No

Policy Definable: Yes. Default: 1

A value of 1 specifies that Trust Protection Platform should install the certificate with a label that has already been used.

Refresh Security

UI: Refresh Security
Required: No

Policy Definable: No. Default: 0

A value of 1 specifies that Trust Protection Platform should refresh the WebSphere MQ security cache after a successful installation. This attribute may be deprecated.

Replace Store

UI: Replace Existing
Required: No

Policy Definable: Yes. Default: 0

A value of 1 specifies that Trust Protection Platform should back up the existing keystore and create a brand new one.

Stash Password

UI: Stash Password
Required: No

Policy Definable: No. Default: 0

A value of 1 specifies that Trust Protection Platform should generate a .sth file to store the keystore password. Application servers often reference the .sth file to obtain access to the keystore.

Store Type

UI: Store Type
Required: No

Policy Definable: Yes. Default: CMS

The type of GSK keystore.

  • Deprecated: JCEKS, JKS, and PKCS#12.

Temp Certificate Label

UI: NA
Required: No

Policy Definable: Yes. Default: NA

Used internally to store the label of a remotely generated CSR.

Utility Path

UI: GSK Utility Path
Required: No

Policy Definable: Yes. Default: NA

The file system path on the managed device where the GSK utilities are located. If this value is left blank, Trust Protection Platform will rely upon the user's environment to provide the location of the utilities.

Version

UI: Version
Required: No

Policy Definable: Yes. Default: GSK 7.0

The version of the GSKit utilities being used to manage the keystore. Supported versions are: GSK 7.0 and GSK 8.0.
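
The attribute rules in the table above can be checked mechanically before an object is provisioned. The following is an added example, not Trust Protection Platform code: it assumes the object's attributes have been exported to a dictionary keyed by the attribute names in this table, the function name audit_gsk_object and the sample values are hypothetical, and treating disabled validation or disabled password masking as a warning is this example's own review policy.

```python
# Added example: audit one GSK application object's attributes against this page.
REQUIRED = ("Certificate Label", "Key Store", "Key Store Credential")
# Documented defaults for the attributes checked below.
DEFAULTS = {
    "Hide Command Line Passwords": "1",
    "File Validation Disabled": "0",
    "Key Store Validation Disabled": "0",
    "Network Validation Disabled": "0",
    "Store Type": "CMS",
    "Version": "GSK 7.0",
}
VALIDATION_FLAGS = ("File Validation Disabled", "Key Store Validation Disabled",
                    "Network Validation Disabled")
DEPRECATED_STORE_TYPES = {"JCEKS", "JKS", "PKCS#12"}
SUPPORTED_VERSIONS = {"GSK 7.0", "GSK 8.0"}

# Constructed sample; the label, path and credential DN are placeholders.
SAMPLE = {
    "Certificate Label": "example-label",
    "Key Store": "/example/path/key.kdb",
    "Key Store Credential": r"\EXAMPLE\Credentials\gsk-keystore",
    "Hide Command Line Passwords": 0,
    "Network Validation Disabled": 1,
    "Store Type": "JKS",
}


def audit_gsk_object(attrs, keystore_password=None):
    """Return (severity, attribute, message) findings for one object."""
    eff = {**DEFAULTS, **{k: str(v).strip() for k, v in attrs.items()}}
    out = [("error", n, "required attribute is missing or empty")
           for n in REQUIRED if not eff.get(n)]
    if eff["Hide Command Line Passwords"] != "1":
        out.append(("warn", "Hide Command Line Passwords", "password masking is off"))
    out += [("warn", n, "validation is disabled") for n in VALIDATION_FLAGS if eff[n] == "1"]
    if eff["Store Type"].upper() in DEPRECATED_STORE_TYPES:
        out.append(("warn", "Store Type", "deprecated keystore type"))
    if eff["Version"] not in SUPPORTED_VERSIONS:
        out.append(("error", "Version", "unsupported GSKit version"))
    # The backslash rule applies to the password value, not the credential DN.
    if keystore_password is not None and "\\" in keystore_password:
        out.append(("error", "Key Store Credential", "password contains a backslash"))
    return out


if __name__ == "__main__":
    for finding in audit_gsk_object(SAMPLE, keystore_password="constructed\\pw"):
        print(*finding, sep=" | ")
```

Omitted attributes fall back to the defaults listed in the table, so an empty object reports only the three missing required attributes.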