ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » How can I change digital certificate provider?

Post new topic  Reply to topic
 How can I change digital certificate provider? « View previous topic :: View next topic » 
Author Message
bbburson
PostPosted: Mon Jun 25, 2007 8:39 am    Post subject: How can I change digital certificate provider? Reply with quote

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
My company wants to change the CA we use for queue manager digital certificates. I thought it would be no big deal, but I've hit a snag and wonder if anyone can help me get beyond it.

This is WMQv6 on both AIX and Solaris. Yes, I have added the new CA signer certs to the database.

I've always re-used the same CSR request files to order renewal certificates that I used to order the initial certificate and the renewals can be received into the key.kdb with no problem.

Because the CSR request file has nothing in it that ties it to a particular CA I used the same request file to order a new certificate from the new CA. That worked fine and I received a .cer file from the CA.

But when I try to receive the new certificate into the key.kdb I get the error "The certificate request created for the certificate is not in the key database." This happens whether or not I remove the original certificate from the database.

Any suggestions?
Back to top
View user's profile Send private message
elvis_gn
PostPosted: Mon Jun 25, 2007 10:29 am    Post subject: Reply with quote

Padawan

Joined: 08 Oct 2004
Posts: 1905
Location: Dubai
Hi bbburson,

Did you move the signed request certificates AND the public key certificate of the new CA back before you try to receive it ? I guess you are using the old CA's public certificate.

Regards.
Back to top
View user's profile Send private message Send e-mail
bbburson
PostPosted: Tue Jul 03, 2007 7:26 am    Post subject: Reply with quote

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
elvis_gn, thanks for the suggestions. Sorry to be so long in responding. It turned out that I was not using the original csr like I thought I was. I got the incorrect cert revoked and requested another with the correct csr and it imports into my key database just fine. It took awhile to get it all sorted out because the person who approves the requests was out of the office for a few days.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » How can I change digital certificate provider?
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.