pki/SafeDC-Net-Root-CA-win64.bat

@echo off
:: Installation script for PEM-file into default TSM installation folders.
:: Requires script to be executed in directory with permissions, and, requires write permissions to the KDB file below.
:: Typically, this implies that the script must be executed as administrator.
:: Upon successful completion, the script leaves a PEM file in this folder for transparency reasons.
:: This PEM file is not required by the service as it has been inserted into the GSK Trust Database
:: See more at http://pic.dhe.ibm.com/infocenter/tsminfo/v7r1/index.jsp?topic=%2Fcom.ibm.itsm.client.doc%2Ft_cfg_ssl.html

:: Set this PASSWORD string with some random secret, this random secret is one-time and not necessary to remember.
:: The program won't run unless you have done this.
set PASSWORD=REPLACEME
if [%PASSWORD%] equ [REPLACEME] ( 
	echo No password set.  Please set a random password. 
	exit /B
)

set KDB="C:\Program Files\Tivoli\TSM\baclient\dsmcert.kdb"
set GSK8CAPICMD=gsk8capicmd_64
set ORIGPATH=%PATH%
set PATH=%PATH%;C:\Program Files\Common Files\Tivoli\TSM\api64\gsk8\lib64;C:\Program Files\Common Files\Tivoli\TSM\api64\gsk8\bin;C:\Program Files\ibm\gsk8\bin;C:\Program Files\ibm\gsk8\lib64

:: Write out PEM-file into PEM-file-name into the Current Directory
@echo>> SafeDC-Net-CA.pem -----BEGIN CERTIFICATE-----
@echo>> SafeDC-Net-CA.pem MIIEBTCCAu2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJTRTET
@echo>> SafeDC-Net-CA.pem MBEGA1UECgwKU2FmZWRjLm5ldDEeMBwGA1UECwwVRGF0YWNlbnRlciBPcGVyYXRp
@echo>> SafeDC-Net-CA.pem b25zMRswGQYDVQQDDBJTYWZlZGMubmV0IFJvb3QgQ0EwHhcNMTgwMjIwMjE1NjQ2
@echo>> SafeDC-Net-CA.pem WhcNMzgwMjE1MjE1NjQ2WjBfMQswCQYDVQQGEwJTRTETMBEGA1UECgwKU2FmZWRj
@echo>> SafeDC-Net-CA.pem Lm5ldDEeMBwGA1UECwwVRGF0YWNlbnRlciBPcGVyYXRpb25zMRswGQYDVQQDDBJT
@echo>> SafeDC-Net-CA.pem YWZlZGMubmV0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
@echo>> SafeDC-Net-CA.pem AQDdLQn+gKG8FA825nBgQNwsdMTG6nnm0qVvwGHYawmtcUzDHHOveQGV3p94pN1C
@echo>> SafeDC-Net-CA.pem HBsHsDa/WUEjF2nN2nr7NhX42F8d6HX3EwlK0OEhVF0OyBsfDLyr5mMaLeHJe2aj
@echo>> SafeDC-Net-CA.pem qgLVthkRLJEzAV2LcQtzWsaRCAaNklPXB57E4y/SE0zM1PbQcGH32NsAstbXPchZ
@echo>> SafeDC-Net-CA.pem KDNWsagfcXsKZk96El7UWY0Q9HGtqjQuGAYnGyFAnPul7c5uWzv5pyN/S+aRHQN8
@echo>> SafeDC-Net-CA.pem mhrHCd7fxdwTtjwEZAEqm+SKtXLG6t+4aqaUC4ubYg7MVuScUQ6r58E0U90ckkba
@echo>> SafeDC-Net-CA.pem TtciHJiGM2rfYiKVUh29nPTdAgMBAAGjgcswgcgwDwYDVR0TAQH/BAUwAwEB/zAd
@echo>> SafeDC-Net-CA.pem BgNVHQ4EFgQUDDhvUQKo/6s3swD2A1zJmi2N2oQwgYgGA1UdIwSBgDB+gBQMOG9R
@echo>> SafeDC-Net-CA.pem Aqj/qzezAPYDXMmaLY3ahKFjpGEwXzELMAkGA1UEBhMCU0UxEzARBgNVBAoMClNh
@echo>> SafeDC-Net-CA.pem ZmVkYy5uZXQxHjAcBgNVBAsMFURhdGFjZW50ZXIgT3BlcmF0aW9uczEbMBkGA1UE
@echo>> SafeDC-Net-CA.pem AwwSU2FmZWRjLm5ldCBSb290IENBggEAMAsGA1UdDwQEAwIBhjANBgkqhkiG9w0B
@echo>> SafeDC-Net-CA.pem AQsFAAOCAQEAUhnRfJHRBTOcnEbWg6M6YyhdzzUYZcYO7SgCG8VbxmhbZpjcfQWJ
@echo>> SafeDC-Net-CA.pem eHVGcgR/RuYKI5N7PEU8bRQwo4GtNBxVU4rEpCNRx5lNEjjF9eqCpe22XidEAeTw
@echo>> SafeDC-Net-CA.pem mbg2vYt+pQwbcI6ylRex6pPB4uZJEh9NfpreOKDSe6GYnYr/URmQQo6ql1rCL+to
@echo>> SafeDC-Net-CA.pem wj+3pbvsxGBicoQzrIBiFH3/9BBb/IxIuPv60hwF4SH0MEX3GQYfuhZIAbac0Rgs
@echo>> SafeDC-Net-CA.pem UIkB6BcgUqSpQVbXIgwu7Olhn6jjAZPB2GmtbndJiqasqYwwwexYJ7yW4Kfpq3eq
@echo>> SafeDC-Net-CA.pem KYLtlCxXjKK44dISRdi6hXQdBEZF/6QWAQ==
@echo>> SafeDC-Net-CA.pem -----END CERTIFICATE-----

@echo on
del "C:\Program Files\Tivoli\TSM\baclient\dsmcert.kdb"
del "C:\Program Files\Tivoli\TSM\baclient\dsmcert.sth"
DEL "C:\Program Files\Tivoli\TSM\baclient\dsmcert.crl"
DEL "C:\Program Files\Tivoli\TSM\baclient\dsmcert.rdb"

%GSK8CAPICMD% -keydb -create -db %KDB% -pw %PASSWORD% -stash
%GSK8CAPICMD% -cert -add -db %KDB% -label "Safedc Net Root CA" -file SafeDC-Net-CA.pem -format ascii -stashed
%GSK8CAPICMD% -cert -list -db %KDB% -stashed
@echo off

:: Avoid exploding path on multiple invocations in the same command prompt window
set PATH=%ORIGPATH%