| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| [SOLVED]SSL issue |
« View previous topic :: View next topic » |
| Author |
Message
|
| scar |
 Posted: Fri Jun 13, 2008 10:56 am Post subject: [SOLVED]SSL issue |
 |
|
Centurion
Joined: 23 Jun 2004
Posts: 145
|
I created key repository an bot the qmgrs and am using self signed certificates
When I start the channel i am getting the following error
06/13/08 13:27:13 - Process(1056768.1) User(mqm) Program(amqrcmla)
AMQ9660: SSL key repository: password stash file absent or unusable.
EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to
access it. Reasons giving rise to this error include:
(a) the key database file and password stash file are not present in the
location configured for the key repository,
(b) the key database file exists in the correct place but that no password
stash file has been created for it,
(c) the files are present in the correct place but the userid under which MQ is
running does not have permission to read them,
(d) one or both of the files are corrupt.
The channel is 'SSL1.TO.SSL0'; in some cases its name cannot be determined and
so is shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.
I deleted the Key repository and created it couple times but no use..
root@green:/var/mqm/qmgrs/QMGR_SSL0/errors # echo dis qmgr sslkeyr | runmqsc QMGR_SSL0
5724-H72 (C) Copyright IBM Corp. 1994, 2005. ALL RIGHTS RESERVED.
Starting MQSC for queue manager QMGR_SSL0.
1 : dis qmgr sslkeyr
AMQ8408: Display Queue Manager details.
QMNAME(QMGR_SSL0)
SSLKEYR(/var/mqm/qmgrs/QMGR_SSL0/ssl/key)
One MQSC command read.
No commands have a syntax error.
All valid MQSC commands were processed.
/var/mqm/qmgrs/QMGR_SSL1/errors $ echo dis qmgr sslkeyr | runmqsc QMGR_SSL1
5724-H72 (C) Copyright IBM Corp. 1994, 2005. ALL RIGHTS RESERVED.
Starting MQSC for queue manager QMGR_SSL1.
1 : dis qmgr sslkeyr
AMQ8408: Display Queue Manager details.
QMNAME(QMGR_SSL1)
SSLKEYR(/var/mqm/qmgrs/QMGR_SSL1/ssl/key)
One MQSC command read.
No commands have a syntax error.
All valid MQSC commands were processed.
FILES and permissions
mqm@green:/var/mqm/qmgrs/QMGR_SSL0/ssl $ ls -ltr
total 272
-rw-r----- 1 mqm mqm 129 Jun 13 13:02 green.sth
-rw-r----- 1 mqm mqm 80 Jun 13 13:18 green.rdb
-rw-r----- 1 mqm mqm 125080 Jun 13 13:18 green.kdb
-rw-r----- 1 mqm mqm 80 Jun 13 13:18 green.crl
/var/mqm/qmgrs/QMGR_SSL1/ssl $ ls -ltr
total 272
-rw-r----- 1 mqm mqm 129 Jun 13 12:57 olive.sth
-rw-r----- 1 mqm mqm 80 Jun 13 13:15 olive.rdb
-rw-r----- 1 mqm mqm 125080 Jun 13 13:15 olive.kdb
-rw-r----- 1 mqm mqm 80 Jun 13 13:15 olive.crl
When I created the database i stashed the password
but when I try to stash it again i am getting the following error
/var/mqm/qmgrs/QMGR_SSL1/ssl $ gsk7cmd -keydb -stashpw -db olive.kdb -pw ------------------
The specified database has been corrupted.
Any help is appreciated
Last edited by scar on Mon Jun 16, 2008 5:42 am; edited 1 time in total |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Fri Jun 13, 2008 11:15 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Step-by-step how to create key-repositories, self-signed certs, and enable channels, is wonderfully documented in the WMQ Security manual. If you are doing this via command line, look at the iKeyman User's Guide for the annoyingly picky syntax.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| scar |
| Posted: Fri Jun 13, 2008 11:21 am Post subject: |
|
|
Centurion
Joined: 23 Jun 2004
Posts: 145
|
I used gsk7ikm user interface tool.
I tried to stash the password again using it still getting the same error. |
|
| Back to top |
|
|
| Gaya3 |
| Posted: Fri Jun 13, 2008 11:44 pm Post subject: |
|
|
Jedi
Joined: 12 Sep 2006
Posts: 2493
Location: Boston, US
|
|
| Back to top |
|
|
| veech23 |
| Posted: Sun Jun 15, 2008 4:11 pm Post subject: |
|
|
Novice
Joined: 25 Apr 2007
Posts: 23
Location: canberra
|
QMNAME(QMGR_SSL0) SSLKEYR(/var/mqm/qmgrs/QMGR_SSL1/ssl/key)
they key to be replaced with olive or green
echo alter qmgr sslkeyr('/var/mqm/qmgrs/QMGR_SSL1/ssl/green') | runmqsc QMGR_SSL0 |
|
| Back to top |
|
|
| scar |
| Posted: Mon Jun 16, 2008 5:41 am Post subject: |
|
|
Centurion
Joined: 23 Jun 2004
Posts: 145
|
THANKS
Some how I overlook that.
Its working. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
