MQSeries.net Forum Index » IBM MQ Security » Error while importing ssl certs

manoj798
Posted: Tue Jan 08, 2013 1:37 am    Post subject: Error while importing ssl certs

Apprentice

Joined: 17 Nov 2009
Posts: 30

Hi All,

I was trying to renew the SSL certificate on some of our old MQ servers (they are V5.3). On one out of 8 of the same kind, I am getting the following error while trying to import the certificate.

I created a queue manager on my PC with the same name and tried importing the certificate; it worked. Then I tried to copy the key.sto from my PC and assign the cert to this queue manager. Still getting the same error.

AMQ0000: WebSphere MQ was unable to display an error message 0.

EXPLANATION:
MQ has attempted to display the message associated with return code hexadecimal
'0'. The return code indicates that there is no message text associated with
the message. Associated with the request are inserts 0 : 0 : : : .
ACTION:
Use the standard facilities supplied with your system to record the problem
identifier, and to save the generated output files. Contact your IBM support
center. Do not discard these files until the problem has been resolved.

The error is written in the system error log directory, not in the queue manager error log directory.

Can anybody give a hand?
exerk
Posted: Tue Jan 08, 2013 2:27 am

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

Firstly, do NOT double post - if you post in an inappropriate forum then please request a moderator move it to one more appropriate. I have deleted the General Discussion post.

You are now finding out the perils and pitfalls of staying on an unsupported version, but it would also help if you stated on which platform you are running (I suspect Windows, but then it has many flavours), and any other relevant information that our crystal balls are failing to display...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
manoj798
Posted: Fri Jan 11, 2013 3:44 am

Thanks for that, exerk,

I will take care of the double post next time.

Yes, we are on an unsupported version and have a plan for the remediation this June. But now I need to renew the cert as it expires on Jan 27th.

The Windows version is 2003 SP2. I tried a restart of the queue manager; still getting the same error.

Now the only other option left is to recreate the queue manager. If you have any idea about this error please let me know. Google also doesn't say anything about this error. Can't go to IBM as it is not supported... NEED HELP BADLY..
exerk
Posted: Fri Jan 11, 2013 3:47 am

How did you renew the certificate? Please post the exact steps in the procedure you followed.
manoj798
Posted: Fri Jan 11, 2013 3:54 am

1) In MQ Explorer, go to the queue manager, Properties --> SSL tab
2) Then Manage SSL certificate
3) Click Add
4) Import from File, select the certificate and click Add
Now I am getting the error.

I tried another way: created a qmgr on another server which has the same MQ and OS level, imported the certificate there, and it worked fine. Then copied the key.sto file to the production qmgr.

Now, after adding the certificate, we need to assign the cert to the qmgr. When I tried to assign the cert to the qmgr on production with the copy of key.sto from non-prod, I got the same error.
manoj798
Posted: Fri Jan 11, 2013 4:09 am

Even tried

amqmcert -a -s "Cer_Name" -m QMGRName.

Getting error

5724-B41 (C) Copyright IBM Corp. 1994, 2002. ALL RIGHTS RESERVED.
Using CURRENT_USER for default system stores.
AMQ0005 WebSphere MQ was unable to display an error message 80070005.

MQ has attempted to display the message associated with return code hexadecimal '80070005'. The return code indicates that there is no message text associated with the message. Associated with the request are inserts 0 : 0 : : : .

Use the standard facilities supplied with your system to record the problem identifier, and to save the generated output files. Contact your IBM support center. Do not discard these files until the problem has been resolved.
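
The return code in the amqmcert output above has the layout of a Windows HRESULT. As an added example (not part of the original post, and not IBM code), this sketch pulls the hexadecimal return code out of the two "unable to display an error message" lines quoted in this thread and splits it into severity, facility and code; treating MQ's return code as an HRESULT, and the small name tables, are assumptions.

```python
import re

# Constructed sample: the two message lines quoted in this thread.
SAMPLE_LINES = [
    "AMQ0000: WebSphere MQ was unable to display an error message 0.",
    "AMQ0005 WebSphere MQ was unable to display an error message 80070005.",
]

# Small subset of well-known Windows values, not an exhaustive table.
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32"}
WIN32_CODES = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",
}

RC_PATTERN = re.compile(
    r"^(AMQ\d{4}):?\s.*unable to display an error message ([0-9A-Fa-f]{1,8})\."
)

def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity, facility and code fields."""
    facility = (value >> 16) & 0x7FF      # bits 16-26
    code = value & 0xFFFF                 # bits 0-15
    return {
        "failed": bool((value >> 31) & 1),  # bit 31: 1 means failure
        "facility": facility,
        "facility_name": FACILITIES.get(facility),
        "code": code,
        # Win32 names only apply when the facility says the code is a Win32 error.
        "win32_name": WIN32_CODES.get(code) if facility == 7 else None,
    }

def triage(line):
    """Return decoded fields for an 'unable to display' line, or None if no match."""
    m = RC_PATTERN.match(line)
    if not m:
        return None
    info = decode_hresult(int(m.group(2), 16))
    info["message_id"] = m.group(1)
    info["permission_related"] = (
        info["failed"] and info["facility"] == 7 and info["code"] == 5
    )
    return info

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(triage(line))
```

A failing FACILITY_WIN32 code of 5 is ERROR_ACCESS_DENIED, which directs the check at the access rights of the account running the command rather than at the certificate file itself.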
exerk
Posted: Fri Jan 11, 2013 4:13 am

What recent changes were made to the server - of any variety? The 'unable to display message' is usually indicative of screwed file system permissions.
manoj798
Posted: Fri Jan 11, 2013 4:35 am

No changes were made until we started getting this error. After the issue I tried to recreate the key.sto file and copy the key.sto created in the test region to here. Other than that, no changes were made.

I also tried to create the key.sto in some other location on the same server with the same queue manager. No luck.
exerk
Posted: Fri Jan 11, 2013 5:59 am

OS, and full WMQ version (including CSDs applied) please...
manoj798
Posted: Fri Jan 11, 2013 6:31 am

OS: Windows 2003 EE SP2 (5.2 Build, 3790)
MQ: V5.3 CCSD 12 and 13(shipped CSD 00)
exerk
Posted: Fri Jan 11, 2013 6:42 am

manoj798 wrote:
MQ: V5.3 CCSD 12 and 13(shipped CSD 00)

I'll assume that CSD 13 is applied. Now, from what I remember of WMQ V5.3 on Windows, certs were held in the Windows certificate store, so can you see it using IE?
manoj798
Posted: Fri Jan 11, 2013 6:47 am

No, it is not displaying in IE.
exerk
Posted: Fri Jan 11, 2013 6:51 am

manoj798 wrote:
No, it is not displaying in IE.

In any of the tabs, i.e. Personal, Other People, Intermediate Certification Authorities, Trusted Root Certification Authorities, Trusted Publishers, or Untrusted Publishers? (not sure if they're all there on the version of IE you'll be using)
manoj798
Posted: Fri Jan 11, 2013 6:56 am

I searched in all the tabs, and also searched on another server where it is working fine (same OS and MQ level). Not able to see the qmgr cert there, but able to see my root CA certs.
exerk
Posted: Fri Jan 11, 2013 7:00 am

manoj798 wrote:
I searched in all the tabs, and also searched on another server where it is working fine (same OS and MQ level). Not able to see the qmgr cert there, but able to see my root CA certs.

In the 'good' server, what's the value for 'Manage SSL certificate', and can you locate the 'physical' certificate?