Using ikeycmd with spaces in the -label parameter

This one gave me loads of bother.. but I worked it out eventually :-)

Here's the problem..
Normally, when you want to look at the details of a keystore entry you run 

/opt/ihs/java/jre/bin/ikeycmd  -cert -details -label myLabel -db /tmp/myKeystore.kdb -pw myPasword

However, if somebody has imported a cert without specifying a label, the DN will be used as a default label, which invariably contains spaces. 'OK' you might thing, 'a couple of quotes will do nicely' ... not true!. I tried every combination of quotes, brackets and backslashes know to man or martian and none of them worked.

In the end, this article gave me the vital clue http://publib.boulder.ibm.com/httpserv/ihsdiag/gather_certificate_doc.html (search for the word parameter within) and running the java command directly as opposed to via the wrapper script (which is all ikeycmd is) did the trick.. see example below


/opt/ihs/java/jre/bin/java -ms8m com.ibm.gsk.ikeyman.ikeycmd  -cert -details -label 'CN=bobclarke.co.uk, OU=PKI, O=London Town C=GB' -db /tmp/myKeystore.kdb

NOTE: you still need to put single quotes around the label 

Using ikeycmd

Create a keystore 

/opt/bpm/ihs/java/jre/bin/ikeycmd -keydb -create -db /opt/ihs/ssl/ihskeystore.kdb -pw mypassword -type cms -expire 3650 –stash 

Export a keypair and directly import into another keystore 

/opt/ihs/java/jre/bin/ikeycmd -cert -import -db /tmp/certs/myKeyPair.jks -pw mypassword -label key -type jks -target /opt/ihs/ssl/ihskeystore.kdb -target_pw mytargetpassword -target_type cms

List keystore entries

/opt/ihs/java/jre/bin/ikeycmd -cert -list -type jks -db /tmp/certs/myKeyPair.jks -pw mypassword 

List keystore entry details

/opt/ihs/java/jre/bin/ikeycmd -cert -details -label myLabel -type jks -db /tmp/certs/myKeyPair.jks -pw mypassword