ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » Error in adding CA signed cert

Post new topic  Reply to topic
 Error in adding CA signed cert « View previous topic :: View next topic » 
Author Message
J.D
PostPosted: Fri Mar 12, 2010 5:41 pm    Post subject: Error in adding CA signed cert Reply with quote

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States
Hi,
I'm trying to secure server connection channel using CA signed cert between MQ Server and app server. Our Security team has build their own PKI to manage certificates and they will sign the certs for us instead of approaching 3rd party. Below are the steps i followed:
1. Genarated CSR with name abc.arm
2. Sent the CSR to get it signed
3. Got the signed cert (abc.p7b) as well as trust cert (trust.p7b) (.p7b is standard maintained by security team who are handling the certs)
4. Added trust cert to key database successfully.
5. Getting an error while receiving the signed cert to key database and the error says "An error occured while inserting keys to the database".

Is it must to have cert with extension .arm or .cer in MQ?

OS-Solaris 10, MQ-6.0.2.2
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Mar 12, 2010 6:44 pm    Post subject: Re: Error in adding CA signed cert Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
J.D wrote:
(.p7b is standard maintained by security team who are handling the certs)


No it isn't, it's the extension of an X 509 PKCS 7 certificate that is a different format to that of a cer extended file.

J.D wrote:
Is it must to have cert with extension .arm or .cer in MQ?


I suspect that the certificate you're presenting doesn't have all the information the queue manager requires as indicated here.

I've certainly never used anything other than binary or Base64 cer files.But that doesn't prove anything.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sat Mar 13, 2010 6:17 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
Make sure your CA is able to provide you with an X509 certificate. When requesting the certificate you have to provide the X500 principal. This is why you need the Distinguished Name (DN). Create another request with the correct DN information, have it signed, have the CA provide you with the X509 version of the certificate and import that. You should have no problem.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
J.D
PostPosted: Tue Mar 16, 2010 8:53 pm    Post subject: Reply with quote

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States
Issue is resolved now. Got an error because i downloaded the cert in binary format but while adding into key data base used the default selection which is Ascii.

Thanks for your replies.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » Error in adding CA signed cert
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.