During past days I have generated and tested the certificate directly from Ikeman utility using an IHS 8.5.5.FP16 without issue but on a 8.5.5 OLD FixPack server starting the service I was getting
After checks on IBM docs I saw several upgrades related to KDB during the years and Fixpacks so I decided to try to create a new KDB directly from this 8.5.5 old FP server.
I had also a certificate copy in .p12 format and I decided to use it into a new kdb file generated on the server using the gskcapicmd utility , available into the HTTPServer bin folder.
This command will create you a new kdb file with a password stashed into a .sth file
./gskcapicmd -keydb -create -pw yourPassword -stash -db ../cert/Certificate.kdb
now we can import the .p12 certificate
./gskcapicmd -cert -import -pw yourPassword -target ../cert/Certificate.kdb -file /tmp/certificate.p12 -type pkcs12
This command can be used to verifify the KDB file
./gskcapicmd -cert -list -db ../cert/Certificato.kdb -stashed
We was getting this output with 2 root intermediate certificate and the host ssl certificate
this means the kdb was build but we need to set the host ssl certificate as default with the following command
./gskcapicmd -cert -setdefault -db ../cert/Certificate.kdb -stashed -label fqdn.server.com
now we could repeat the -cert -list command and verify again the kdb
the * before the fqnd.server.com means this kdb could be used with the right certificate.
To obtain more infos about gskcapicmd command please read the IBM doc.