| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| How to import personal certificate with gsk7cmd |
« View previous topic :: View next topic » |
| Author |
Message
|
| exerk |
 Posted: Wed Oct 28, 2009 4:09 am Post subject: |
 |
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
I never actually got the chance to hack around, work got in the way 
However, whenever I need to refresh my knowledge of the commands, I normally have a look HERE, although I'm sure the same information is also held elsewhere.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
 |
| shelldweller |
| Posted: Fri Jan 22, 2010 7:14 am Post subject: Re: gsk7ikm did the trick |
|
|
Novice
Joined: 27 Aug 2009
Posts: 16
|
| exerk wrote: |
| As far as I am aware, the GUI runs exactly the same commands as you would issue from the command line. |
Not when it comes to changing personal certificate label. I quoted that in my first post:
| Quote: |
| It is not possible to change a certificate label using iKeycmd or GSKCapiCmd. |
And here is the link: http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=/com.ibm.mq.csqzas.doc/sy12360_.htm
Does anyone know if the key database can be created on one system and them copy it over to another? The fact that I have to use a GUI tool for SSL configuration makes it impossible to deploy our solution production environment. |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jan 22, 2010 7:28 am Post subject: Re: gsk7ikm did the trick |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| shelldweller wrote: |
| ...Does anyone know if the key database can be created on one system and them copy it over to another?... |
Key stores can be created off-box then put in the relevant directory on the server hosting the queue manager/client as it's only the SSLKEYR or SSLKEYRC attribute that determines what key store 'belongs' to the client/queue manager - however, most security departments tend to frown on keys/key stores being transported between servers.
And apologies, I missed the statement you made in regard to being unable to change the label using the command line
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shelldweller |
| Posted: Fri Jan 22, 2010 7:50 am Post subject: Re: gsk7ikm did the trick |
|
|
Novice
Joined: 27 Aug 2009
Posts: 16
|
| exerk wrote: |
| most security departments tend to frown on keys/key stores being transported between servers |
Yes, it's one of those... when doing the right thing is wrong.
Thank you for your reply. I tried to copy the key db once and it didn't work which was probably a side effect of extreme multitasking. I'll give it another shot. |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jan 22, 2010 7:56 am Post subject: Re: gsk7ikm did the trick |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| shelldweller wrote: |
| exerk wrote: |
| most security departments tend to frown on keys/key stores being transported between servers |
Yes, it's one of those... when doing the right thing is wrong.
Thank you for your reply. I tried to copy the key db once and it didn't work which was probably a side effect of extreme multitasking. I'll give it another shot. |
Easiest method I found was to create a sub-directory of the name of the queue manager, create the key store and subsequent certificate request within that directory, receive the certificate, then copy the contents of the sub-directory to the target server. All done as mqm of course, and also on the same platform as the target. Good luck with it 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
