Anyone "getting there" with WMQ 5.3 SSL?
Tibor
Posted: Mon Nov 04, 2002 7:17 am

Grand Master

Joined: 20 May 2001
Posts: 1033
Location: Hungary

If anyone is interested in this theme, there is a new edition of the Security Guide on the IBM website:

http://publibfp.boulder.ibm.com/epubs/pdf/csqzas01.pdf

Moreover, the last Admin Guide contains a comprehensive description of amqmcert and gsk6cmd.

http://publibfp.boulder.ibm.com/epubs/pdf/amqzag04.pdf

Tibor
dmj
Posted: Tue Nov 05, 2002 1:36 pm

Novice

Joined: 09 Apr 2002
Posts: 19
Location: London

Kolban,

I wish I had read your posting prior to my decision to clear up the certificate repository, as I ran into the same problem, which meant that I needed to create a new CA certificate as well. I have had DLL hell before but this is the first time for Certificate hell.

All my testing so far has been with PKCS12 certificates with exportable private keys. This is not a recommended practice for us and so now I need to test with some certificates without exportable keys.

Has anyone else done any testing with importing keys into the key repository, and can they point me in the direction of some instructions to save me some time?

Thanks
DMJ
dutchman
Posted: Thu Dec 19, 2002 1:42 am

Acolyte

Joined: 15 May 2001
Posts: 71
Location: Netherlands

Maybe too late now, but there's an article in issue 42 (December 2002) of the MQ Update magazine which has a step-by-step guide on doing the above - and it works!

The thing I asked myself - how do I know it works? Is it really using encryption or what? The amqerr01.logs only show the channel starting normally. The only way to check is to run a trace (strmqtrc) and look at the trace file for runmqchl.

Regards ... RvZ
TonyD
Posted: Thu Dec 19, 2002 1:19 pm

Knight

Joined: 15 May 2001
Posts: 540
Location: New Zealand

The Port Sniffer included with Kevin Tobin's download (referenced earlier in the thread) is easy to install and use and clearly shows that the data really is being encrypted!
dutchman
Posted: Thu Dec 19, 2002 1:31 pm

Acolyte

Joined: 15 May 2001
Posts: 71
Location: Netherlands

Tony - yes, thanks. I discovered this afterwards for myself. Great little utility ... R
kolban
Posted: Thu Dec 19, 2002 3:17 pm

Grand Master

Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA

Guys,
I must be being obtuse, I couldn't find the port sniffer y'all mentioned in this thread ...

My own contribution to port sniffing can be found at:

http://www.kolban.com/mq/Security/socket_interceptor.htm
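The check discussed in the posts above (dutchman's "is it really using encryption?" and the sniffer replies), as an added example that is not part of any post in this thread: it classifies the first bytes a sniffer shows from each side of the channel port. It assumes a cleartext MQ flow starts with the `TSH ` eyecatcher (ASCII, or EBCDIC from a z/OS peer) and that an SSL flow starts with an SSLv3/TLS record or an SSLv2-style hello; all sample bytes are constructed.

```python
# Added example, not code from the thread. Sample byte strings are constructed.
TLS_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
TSH_ASCII = b"TSH "                   # assumed MQ transmission header eyecatcher
TSH_EBCDIC = "TSH ".encode("cp037")   # same eyecatcher as sent by an EBCDIC peer
MAX_RECORD = 2**14 + 2048             # largest legal SSL/TLS ciphertext record

SAMPLE_PLAIN = TSH_ASCII + bytes([0, 0, 0, 0x84, 1, 1, 0x31, 0])
SAMPLE_SSL3_CLIENT = bytes([0x16, 0x03, 0x00, 0x00, 0x41, 0x01, 0x00, 0x00])
SAMPLE_SSL3_SERVER = bytes([0x16, 0x03, 0x00, 0x00, 0x4A, 0x02, 0x00, 0x00])
SAMPLE_V2_HELLO = bytes([0x80, 0x2E, 0x01, 0x03, 0x00, 0x00, 0x15])


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes one side sent on the channel connection."""
    if len(data) < 5:
        return "too-short"
    if data[:4] in (TSH_ASCII, TSH_EBCDIC):
        return "mq-cleartext"
    # SSLv3/TLS record header: type(1) major(1) minor(1) length(2, big-endian)
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    if ctype in TLS_TYPES and major == 3 and minor <= 4 and 0 < length <= MAX_RECORD:
        return "ssl-record"
    # SSLv2-style ClientHello: length with high bit set, msg type 1, then version
    if data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        return "sslv2-hello"
    return "unknown"


def channel_verdict(client_first: bytes, server_first: bytes) -> str:
    """Combine both directions; any visible TSH means the data is in the clear."""
    kinds = {classify_first_bytes(client_first), classify_first_bytes(server_first)}
    if "mq-cleartext" in kinds:
        return "CLEARTEXT"
    if kinds <= {"ssl-record", "sslv2-hello"}:
        return "SSL"
    return "INCONCLUSIVE"


if __name__ == "__main__":
    print(channel_verdict(SAMPLE_PLAIN, SAMPLE_PLAIN))
    print(channel_verdict(SAMPLE_V2_HELLO, SAMPLE_SSL3_SERVER))
```

A verdict of SSL only says the handshake framing is present on the wire; the negotiated CipherSpec still has to be confirmed on the channel definition.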
rajmq
Posted: Tue Mar 25, 2003 3:11 am

Partisan

Joined: 29 Sep 2002
Posts: 331
Location: USA

Hi

I am trying to encrypt and decrypt the values using WMQ5.3 SSL concepts.
I downloaded the material from the link
http://www.mqseries.net/pafiledb203/pafiledb.php?action=viewfile&fid=53&id=5 and I followed the doc which is contained in the SSL.zip.
I am getting exceptions in STEP4 (Adding the Certificate to QMGR):
1) amqmcert -l -k db2admin -m QM1
5724-B41 (C) Copyright IBM Corp. 1994, 2002. ALL RIGHTS RESERVED.
Using CURRENT_USER for default system stores.
Enumerating Certificate Stores:

WebSphere MQ Store (QM1):
----------------------
014: Secure Server Certification Authority, Secure Server Certification Authority
015: Thawte Personal Basic CA, Thawte Personal Basic CA
016: Thawte Personal Freemail CA, Thawte Personal Freemail CA
017: Thawte Personal Premium CA, Thawte Personal Premium CA
018: Thawte Premium Server CA, Thawte Premium Server CA
019: Thawte Server CA, Thawte Server CA
020: VeriSign Class 1 CA Individual Subscriber-Persona Not Validated, Class 1 Public Primary Certification Authority
021: Class 1 Public Primary Certification Authority, Class 1 Public Primary Certification Authority
022: VeriSign Class 2 CA - Individual Subscriber, Class 2 Public Primary Certification Authority
023: Class 2 Public Primary Certification Authority, Class 2 Public Primary Certification Authority
024: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, Class 3 Public Primary Certification Authority
025: Class 3 Public Primary Certification Authority, Class 3 Public Primary Certification Authority
026: For VeriSign authorized testing only. No assurances (C)VS1997, For VeriSign authorized testing only. No assurances (C)VS1997
027: SecureNet CA SGC Root, Root SGC Authority
AMQ4810: No certificate has been assigned to this WebSphere MQ queue manager.

2) amqmcert -m QM1 -d "00014"
5724-B41 (C) Copyright IBM Corp. 1994, 2002. ALL RIGHTS RESERVED.
Using CURRENT_USER for default system stores.
Enumerating Certificate Stores:
AMQ9688: The private key data for this certificate is unavailable.
Also, in Step5 I am not able to see the Manage SSL Certificates option in my QMGR.
Can anybody explain how to add the certificate to the QMGR?

regards
raj
rajmq
Posted: Tue Mar 25, 2003 6:48 am    Post subject: MQ Update magazine

Partisan

Joined: 29 Sep 2002
Posts: 331
Location: USA

Hi dutch

"Maybe too late now, but there's an article in issue 42 (December 2002) of the MQ Update magazine which has a step-by-step guide on doing the above - and it works! "
Can you post that article link or docs?
I have been trying for a couple of days to implement the WMQ5.3 SSL, but I am still struggling...

Thanks in Advance
raj
crossland
Posted: Tue Feb 24, 2004 4:56 am

Master

Joined: 26 Jun 2001
Posts: 248

Raj,

MQ Update can be accessed here:

http://www.xephon.com/

Regards,

Tim Crossland
http://www.solent-consultancy.com
techno
Posted: Thu May 20, 2004 7:36 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

How would it be different in case the client program is written in Java? I am asking this because Java does not use the client channel table.

Also, could you point out what error I am making in creating a self-signed certificate using gsk6dba?

gsk6cmd -cert -create -db /var/mqm/qmgrs/DHOCLM2/ssl/key.kdb -pw password -label testcert -size 512

Do I need to specify any extra parameters? How about -dn param? I do not understand what its value would be. Do I need to have LDAP or something?