Personal cert import Linux -> Win 7 corrupt
Author: askeggs
Posted: Mon Apr 28, 2014 12:20 am    Post subject: Personal cert import Linux -> Win 7 corrupt

Howdy,
 
 
Never had cause to set up SSL under MQ before apart from training x years ago. Now need to get it going. What a pain it is.
 
 
Current task is extracting a personal certificate from the Linux SSL repos and importing into the Windows 7 repos. Hours later the best I have got is:
 
 
C:\ssl>runmqckm -cert -import -file x.pkcs12 -pw key -type pkcs12 -label ibmwebspheremqfunmq -target key.kdb -target_type cms -target_pw key
 
5724-H72 (C) Copyright IBM Corp. 1994, 2009.  ALL RIGHTS RESERVED.
 
The password is invalid or the PKCS12 has been corrupted
 
or been created with an unsupported version of PKCS12.
 
 
Which is not really 100%. The password is correct.
 
 
The corresponding export was:
 
runmqckm -cert -extract -db key.kdb -pw key -target x.pkcs12 -label ibmwebspheremqfunmq -format binary
 
 
-format binary or ascii give the same result.
 
The ascii format keyfile looks fine to me:
 
 
-----BEGIN CERTIFICATE-----
 
MIIBKzCB1qADAgECAghZVV9Xw0ZtcjANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQLEwJ1czEMMAoG
 
...
 
hvcNAQEEBQADQQA61lJBWig2C7VLWeyefyPydom5VT9rAq/3BgS/bgxqwtTuFea5NTUkbEnC5fDA
 
czzlVbB4jTfB/b8CT4130aVT
 
-----END CERTIFICATE-----
 
 
Versions of runmqckm are not so far apart so currently doubt they would be the cause of corruption.
 
Linux:
 
=====
 
-bash-4.1$ runmqckm -version
 
IBM Key Management
 
Version : 7.0.3.28
 
Copyright IBM Corp.  1997 - 2006
 
All Rights Reserved
 
 
KJNI
 
============
 
@(#)CompanyName:      IBM Corporation
 
@(#)LegalTrademarks:  IBM
 
@(#)FileDescription:  IBM Global Security Toolkit
 
@(#)FileVersion:      7.0.4.38
 
@(#)InternalName:     gskkjni
 
@(#)LegalCopyright:   Licensed Materials - Property of IBM GSKit 
 
                      (C) Copyright IBM Corp.1995, 2007 
 
                      All Rights Reserved. US Government Users 
 
                      Restricted Rights - Use, duplication or disclosure
 
                      restricted by GSA ADP Schedule Contract with IBM Corp.
 
@(#)OriginalFilename: libgsk7kjni.so
 
@(#)ProductName:      gsk7d (GoldCoast Build) 111031
 
@(#)ProductVersion:   7.0.4.38
 
@(#)ProductInfo:      11/10/24.03:30:45.11/10/31.11:22:04
 
@(#)CMVCInfo:         gsk7d_111024/gsk7d_doc gsk7d_111024/gsk7d_ssl gsk7d_110519/gsk7d_pkg gsk7d_111024/gsk7d_ikm gsk7d_090120/gsk7d_acme gsk7d_111024/gsk7d_cms gsk7d_111024/gsk7d_support
 
 
 
Win 7:
 
====
 
C:\ssl>runmqckm -version
 
5724-H72 (C) Copyright IBM Corp. 1994, 2009.  ALL RIGHTS RESERVED.
 
IBM Key Management
 
Version : 7.0.4.27
 
Copyright IBM Corp.  1997 - 2006
 
All Rights Reserved
 
 
KJNI
 
============
 
@(#)CompanyName:      IBM Corporation
 
@(#)LegalTrademarks:  IBM
 
@(#)FileDescription:  IBM Global Security Toolkit
 
@(#)FileVersion:      7.0.4.27
 
@(#)InternalName:     gskkjni
 
@(#)LegalCopyright:   Licensed Materials - Property of IBM GSKit
 
                      (C) Copyright IBM Corp.1995, 2007
 
                      All Rights Reserved. US Government Users
 
                      Restricted Rights - Use, duplication or disclosure
 
                      restricted by GSA ADP Schedule Contract with IBM Corp.
 
@(#)OriginalFilename: gsk7kjni.dll
 
@(#)ProductName:      gsk7d (GoldCoast Build) 091112
 
@(#)ProductVersion:   7.0.4.27
 
@(#)ProductInfo:      09/11/04.21:13:30.09/11/12.12:34:01
 
@(#)CMVCInfo:         gsk7d_090814/gsk7d_doc gsk7d_091112/gsk7d_ssl gsk7d_090907
 
/gsk7d_pkg gsk7d_091105/gsk7d_ikm gsk7d_090120/gsk7d_acme gsk7d_091111/gsk7d_cms
 
 gsk7d_090120/gsk7d_support
 
 
 
Am I missing something obvious?
_________________
Adam.
			   
			 
Author: fjb_saper
Posted: Mon Apr 28, 2014 7:51 am

Code:
runmqckm -cert -import -file x.pkcs12 -pw key -type pkcs12 -label ibmwebspheremqfunmq -target key.kdb -target_type cms -target_pw key

works in concert with

Code:
runmqckm -cert -export

But you are using

Code:
runmqckm -cert -extract

which will only extract the public key X509.

As such you should be using

Code:
runmqckm -cert -add

to add the cert to your truststore.

Have fun
_________________
MQ & Broker admin
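
The mismatch diagnosed in this answer can be detected from the file itself before any load is attempted. The following is an added example, not code from the thread or from IBM: it tells an X.509 certificate (PEM or DER) apart from a PKCS#12 container by the first two DER elements and names the runmqckm action the answer pairs with each. The function names and the sample byte strings are assumptions made for illustration; only the runmqckm actions and the 8-character base64 prefix come from the thread.

```python
import base64
import re

# PEM armor as seen in the question ("-----BEGIN CERTIFICATE-----").
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# runmqckm action that matches each container, as stated in the answer above.
ACTION = {"x509-certificate": "-cert -add", "pkcs12": "-cert -import"}

# Constructed structural skeletons (assumption: illustration only, no real keys).
SAMPLE_CERT_DER = bytes.fromhex("3007" "3003020101" "0500")
SAMPLE_PFX_DER = bytes.fromhex("3005" "020103" "3000")
SAMPLE_CERT_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_CERT_DER)
                   + b"\n-----END CERTIFICATE-----\n")
# First 8 base64 characters of the certificate quoted in the question.
PAGE_PREFIX = base64.b64decode("MIIBKzCB")

def der_header(buf, pos):
    """Return (tag, content_offset) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length: one octet
        return tag, pos + 2
    return tag, pos + 2 + (first & 0x7F)   # long form: skip the length octets

def classify(data):
    """Return 'x509-certificate', 'pkcs12' or 'unknown' for raw file bytes."""
    try:
        pem = PEM_RE.search(data)
        if pem:
            if pem.group(1) != b"CERTIFICATE":
                return "unknown"
            data = base64.b64decode(b"".join(pem.group(2).split()))
        outer_tag, body = der_header(data, 0)
        inner_tag, inner_body = der_header(data, body)
    except (IndexError, ValueError):       # truncated input or bad base64
        return "unknown"
    if outer_tag != 0x30:                  # both formats start with a SEQUENCE
        return "unknown"
    if inner_tag == 0x30:                  # Certificate: first member is tbsCertificate
        return "x509-certificate"
    if inner_tag == 0x02 and data[inner_body:inner_body + 1] == b"\x03":
        return "pkcs12"                    # PFX: first member is INTEGER version 3
    return "unknown"

def advise(data):
    kind = classify(data)
    return kind, ACTION.get(kind, "none: identify the file before loading it")
```

A file that classifies as pkcs12 carries the private key, so it needs protection in transit and at rest that an extracted certificate does not.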
			   
			 
Author: askeggs
Posted: Tue Apr 29, 2014 3:52 pm

That did it.

Thank you.
_________________
Adam.
			   
			 