| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Notification that SSL keystore password is about to expire |
« View previous topic :: View next topic » |
| Author |
Message
|
| MQAltaf |
 Posted: Thu Nov 08, 2007 3:15 am Post subject: Notification that SSL keystore password is about to expire |
 |
|
Centurion
Joined: 10 Feb 2005
Posts: 119
|
Hi,
Is there a way to be notified that an SSL keystore password is about to expire. We had an issue a few days ago where the key store password has expired and brought the channel down. We have a manual process at the moment whereby we update the password annualy. The password has a validity of 2 years
The error below only comes out once the password has expired. Would be more useful if an alert was genertated informing of when its likely to expire so that the password can be updated in good time
-------------------------------------------------------------------------------
11/05/07 05:00:35
AMQ9652: The remote SSL certificate has expired.
EXPLANATION:
The SSL certificate used by MQ on the remote end of the channel has expired.
The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start.
ACTION:
Use your key management tool to provide MQ with a current SSL certificate on
the remote end of the channel. Restart the channel.
----- amqccisx.c : 1013 -------------------------------------------------------
Thanks in advance |
|
| Back to top |
|
 |
| thebeach |
| Posted: Mon Dec 03, 2007 3:09 pm Post subject: |
|
|
Apprentice
Joined: 30 Mar 2004
Posts: 47
|
Will a channel immediately stop on the expiry date, or when the QM in next bounced?
Thanks! |
|
| Back to top |
|
|
| MQAltaf |
| Posted: Mon Dec 03, 2007 3:12 pm Post subject: |
|
|
Centurion
Joined: 10 Feb 2005
Posts: 119
|
| The channel will go into re-try when it tries to start. |
|
| Back to top |
|
|
| thebeach |
| Posted: Tue Dec 04, 2007 12:55 am Post subject: |
|
|
Apprentice
Joined: 30 Mar 2004
Posts: 47
|
|
| Back to top |
|
|
| MQAltaf |
| Posted: Tue Dec 04, 2007 1:03 am Post subject: |
|
|
Centurion
Joined: 10 Feb 2005
Posts: 119
|
The GSkit which ships with MQ6.0.2.1 has a -expiry flag. I have written the following script which is scheduled to run via TWS to alert if a password is about to expire within 60 days
#!/usr/bin/perl
use Time::Local;
$time=time;
$QM = $ARGV[0];
#convert time
($secs,$mins,$hours, $day_of_month, $mon, $yr, $wday, $yday, $isdst) = localtime($time);
$yr = $yr +1900;
$mon= $mon+1;
#output date to compare agains
#$dateoutput = "Validity: 03 December 2007 16:28:04 o'clock BST";
$dateoutput =`export JAVA_HOME=/usr/mqm/ssl/jre; gsk7cmd -keydb -expiry -db key.kdb -pw mqser1es`;
#print "$dateoutput\n";
#convert date to epoc
if ($dateoutput =~ /^Validity\W+\s+(\d+)\s+(\w+)\s+(\d+)\s+(\d+)\W(\d+)\W(\d+).*/) {
$ddate = $1;
$mdate = $2;
if ($mdate eq "January") {
$mdate = "00";
} elsif ($mdate eq "February") {
$mdate = "01";
} elsif ($mdate eq "March") {
$mdate = "02";
} elsif ($mdate eq "April") {
$mdate = "03";
} elsif ($mdate eq "May") {
$mdate = "04";
} elsif ($mdate eq "June") {
$mdate = "05";
} elsif ($mdate eq "July") {
$mdate = "06";
} elsif ($mdate eq "August") {
$mdate = "07";
} elsif ($mdate eq "September") {
$mdate = "08";
} elsif ($mdate eq "October") {
$mdate = "09";
} elsif ($mdate eq "November") {
$mdate = "10";
} elsif ($mdate eq "December") {
$mdate = "11";
}
#$mdate = $2 - 1;
$ydate = $3 - 1900;
$htime = $4;
$mtime = $5;
$stime = $6;
#print "$stime, $mtime, $htime, $ddate, $mdate, $ydate\n";
}
$compareepoc = timelocal($stime, $mtime, $htime, $ddate, $mdate, $ydate);
#determine difference beween now and compare date
$diffdate = $compareepoc - $time;
#convert diff into days
$diffdays = $diffdate / 60 / 60 / 24;
#print "days = $diffdays\n";
if ($diffdays < 60) {
print "$diffdays days left prior to SSL crypto password expiry for queue manager $QM, 60 day warning\n";
exit 1;
}
exit 0; |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
