| Author |
Message
|
| ankurlodhi |
 Posted: Thu Nov 10, 2011 7:30 am Post subject: Tokenization failure |
 |
|
Master
Joined: 19 Oct 2010
Posts: 266
|
I was tryint to create a self sighned certificate throught Gsk7capicmd
but I am getting errors regarding the TOkaniztion.
P:\>gsk7capicmd -cert -create -db "\c:Program Files\IBM\WebSphere MQ\Qmgrs\QM1\s
sl\key.kdb" -pw whoisthis@123 -label ibmwebspheremqqm1" -dn "CN=myorganization,O=hcl,OU=HCLTech,L=NOIDA,ST=UP,C=INDIA" -size 2048 -x509version 3 -expiry 20 sigalg sha224
Error: 201
Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.
Error id: GSKCAPICMD_TOKENIZING_FAILURE
Details: Tech,L=NOIDA,ST=UP,C=INDIA -size 2048 -x509version 3 -expiry 20 sigalg
sha224
I am getting this error even when I am going accoridng to its manual. |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Thu Nov 10, 2011 7:52 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9400
Location: US: west coast, almost. Otherwise, enroute.
|
And when you referred to the manual, you discovered what?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| ankurlodhi |
| Posted: Thu Nov 10, 2011 8:09 am Post subject: |
|
|
Master
Joined: 19 Oct 2010
Posts: 266
|
it just said this
"Tokenization of the arguments passed to the GSKCapiCmd Program
failed."
there is nothing even on the web when i looked for it. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Nov 10, 2011 8:16 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| ankurlodhi wrote: |
"Tokenization of the arguments passed to the GSKCapiCmd Program
failed." |
This is quite clear; the arguments you passed couldn't be tokenised.
This is because there is a typo in the command you posted. The sigalg argument doesn't have a "-" in front of it.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| ankurlodhi |
| Posted: Thu Nov 10, 2011 8:19 am Post subject: |
|
|
Master
Joined: 19 Oct 2010
Posts: 266
|
ooh c**p!! how can i miss that.. darn me ...
realy .. |
|
| Back to top |
|
|
| ankurlodhi |
| Posted: Thu Nov 10, 2011 8:24 am Post subject: |
|
|
Master
Joined: 19 Oct 2010
Posts: 266
|
Now its giving this.. which tag all necesary one are there.. i guess or is there something i am missing, cause i cross checked it with the example in the manual
P:\>gsk7capicmd -cert -create -db "\c:Program Files\IBM\WebSphere MQ\Qmgrs\QM1\s
sl\key.kdb" -pw whoisthis@123 -label ibmwebspheremqqm1" -dn "CN=myorganization,O=hcl,OU=HCL,L=NOIDA,ST=UP,C=INDIA" -size 2048 -x509version 3 -expiry 20 -sigalg sha224
Error: 206
Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.
Error id: GSKCAPICMD_ERROR_MISSING_TAG
Details: -dn
STANDARD SUPPORT
-cert -create -db <name> [-pw <passwd>] -label <label> -dn <dist name> [-size <k
ey size>] [-x509version <1 | 2 | 3>] [-default_cert <yes | no>] [-expire <days>]
[-ca <true | false>] [-fips]
PKCS11 SUPPORT
-cert -create -crypto <module name> -tokenlabel <token label> [-pw <passwd>] -la
bel <label> -dn <dist name> [-size <key size>] [-x509version <1 | 2 | 3>] [-defa
ult_cert <yes | no>] [-expire <days>] [-ca <true | false>] [-fips] |
|
| Back to top |
|
|
| ankurlodhi |
| Posted: Thu Nov 10, 2011 8:34 am Post subject: |
|
|
Master
Joined: 19 Oct 2010
Posts: 266
|
| DONE yippe...!! wohooooooooooo |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Nov 10, 2011 9:10 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| ankurlodhi wrote: |
| DONE yippe...!! wohooooooooooo |
Well good for you. We're all pleased.
Care to share the solution for the benefit of future readers? 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Nov 10, 2011 9:21 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
notice that he had a leftover double quote after the labelname. I figured this is why the -dn was not recognized... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Nov 10, 2011 9:40 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| fjb_saper wrote: |
| notice that he had a leftover double quote after the labelname. I figured this is why the -dn was not recognized... |
So do I, but I want him to say it. Especially given the reaction to the news he'd not spotted a missing "-".
You'd think after that you'd check the command carefully... 
I suppose it's just easier to get us to proofread things. The Nobel committee will not be impressed.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| ankurlodhi |
| Posted: Thu Nov 10, 2011 10:37 am Post subject: |
|
|
Master
Joined: 19 Oct 2010
Posts: 266
|
I recognised the mistakes so when next time when i will do it, it will be bang on target.
so here is the proper explanintion as asked for future readers.
P:\>gsk7capicmd -cert -create -db "\c:Program Files\IBM\WebSphere MQ\Qmgrs\QM1\ssl\key.kdb" -pw whoisthis@123 -label ibmwebspheremqqm1" -dn "CN=myorganization,O=hcl,OU=HCL,L=NOIDA,ST=UP,C=INDIA" -size 2048 -x509version 3 -expiry 20 -sigalg sha224
in the -db please take of the quotes. and specify the full path of the key database including the ful name of the key database with .kdb extension.
in label you need to specify "ibmwebspheremq" followed the by the name of the queue manager in lower case on which you want to implement the ssl
please cross check all the arguements once before hitting the enter button
in the "size" you can specify the size of key between 512 to 4096 althougy 2048 is the new standard replacing the old 1024. so it would be better to use 2048
x509version is the version of cert the default is 3 and prefered one
-expire is the number of days after which the cert will expire.
sigalg is the algorithm of encryption you want to use for the creation of your self sighned certificate and also for the signature associated with the certificate. |
|
| Back to top |
|
|
| ankurlodhi |
| Posted: Thu Nov 10, 2011 10:40 am Post subject: |
|
|
Master
Joined: 19 Oct 2010
Posts: 266
|
 yaa i missed the - and "
but hey  it's no fun in learining untill you make mistakes and in the end its the best kind of learingn, to know where do people usually make mistake so when a problem comes you already have an idea where can be the problem
so happy learining to me...  |
|
| Back to top |
|
|
|
|
