SSL Certificates With 14.10FC10 and Later Changes

In FC10, IBM changed the GSKit requirements so that a keystore created with -type cms no longer works. The engine will still come up with it, but you will get a generic GSK8 error with no other information: “cannot initalize GSKit secure socket/GSK_ERROR_SOCKET_CLOSED”.

To get around this, create a new keystore for clients in the .p12 format. Older certificates can be cleanly imported into it, which provides backwards compatibility with older Informix systems already running SSL.

You need to add the -type pkcs12 -pqc false flags for this to work cleanly.

gsk8capicmd_64 -keydb -create -db clikeydb.p12 -pw my_password -type pkcs12 -pqc false -stash
gsk8capicmd_64 -cert -add -db clikeydb.p12 -stashed -file server.cert

Make sure to update $INFORMIXDIR/etc/conssl.cfg to use the .p12 filename rather than the .kdb one.
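A quick way to confirm that last step on each client is to scan conssl.cfg for a keystore entry that still names the old file. The function below is an added example, not part of the original tip; it assumes the keystore is set with the SSL_KEYSTORE_FILE parameter as whitespace-separated "NAME value" lines with # comments, and the sample paths are constructed.

```shell
#!/bin/sh
# check_conssl FILE
# Lists every uncommented SSL_KEYSTORE_FILE entry in a conssl.cfg.
# Returns 0 if all entries end in .p12, 1 if any entry names another
# keystore type (for example a leftover .kdb), 2 if the parameter is
# not set at all, 3 if the file cannot be read.
check_conssl() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    awk '
        { sub(/#.*/, "") }                 # strip comments, re-split fields
        $1 == "SSL_KEYSTORE_FILE" {
            seen = 1
            if ($2 ~ /\.p12$/) { print "ok:    " $2 }
            else               { print "stale: " $2; bad = 1 }
        }
        END {
            if (!seen) { print "SSL_KEYSTORE_FILE not set"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Demo on a constructed config (paths are made up for illustration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client SSL settings (constructed sample)
SSL_KEYSTORE_FILE /opt/informix/ssl/clikeydb.kdb   # pre-FC10 CMS keystore
SSL_KEYSTORE_STH  /opt/informix/ssl/clikeydb.sth
EOF
check_conssl "$sample" || echo "conssl.cfg still needs updating"
rm -f "$sample"
```

On a real client, run it as check_conssl "$INFORMIXDIR/etc/conssl.cfg".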

Tom Beebe (tom@xdbsystems.com)