| Author |
Message
|
| manoj798 |
 Posted: Fri Jan 11, 2013 7:04 am Post subject: |
 |
|
Apprentice
Joined: 17 Nov 2009
Posts: 30
|
In Good server's cert store, I can see my personal cert, My Root CA and MY intermediate CA, all the default certs.
Assigned Cert: my personal cert
Certificate Authority: My intermediate CA |
|
| Back to top |
|
 |
| exerk |
| Posted: Fri Jan 11, 2013 7:07 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
And where on the 'good' server is the 'physical' certificate located, the one added?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| manoj798 |
| Posted: Fri Jan 11, 2013 7:15 am Post subject: |
|
|
Apprentice
Joined: 17 Nov 2009
Posts: 30
|
No It is in a separate share drive I kept for both good server and the bad one.
No one interesting thing is in the good server I have two qmgrs, one its own qmgr (Say QMA)and the another qmgr with bad qmgr's name (QMB). When I copy the QMA's key.sto from good server to bad server's ssl folder and checked manage ssl Certs, I can see the all the certs(with personal cert A) in it and it is assigned to QMA.
Now copied the QMB's key.sto from good server to bad serve's qmgr, I can see all the certs(with personal cert B) but it is not assigned.
Any idea or it is confusing? |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jan 11, 2013 7:28 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
What happens when you try and view the 'bad' server QMB key.sto in 'good' server QMB? I add the usual caution in regard to not over-writing files etc., and it's possible you have a corrupt key store.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| manoj798 |
| Posted: Fri Jan 11, 2013 8:27 am Post subject: |
|
|
Apprentice
Joined: 17 Nov 2009
Posts: 30
|
| When tried otherway, I can see the QMB cert assigned to it.. If key store is corrupted, how can we resolve that? |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jan 11, 2013 8:31 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| manoj798 wrote: |
| When tried otherway, I can see the QMB cert assigned to it.. If key store is corrupted, how can we resolve that? |
So you can see inside the key store from the 'bad' server, which suggests that the file is OK and not corrupt. That takes us back to the issue being with the server, or file system. I suggest comparing directory/file permissions on the servers and seeing whether there's a mismatch.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| manoj798 |
| Posted: Fri Jan 11, 2013 8:40 am Post subject: |
|
|
Apprentice
Joined: 17 Nov 2009
Posts: 30
|
| That actually I tried at the b initial stage, couldn't find anything differently, though I will try once more. I m leaving for the day. Will try tomorrow... Thanks for your support till this time... Expecting you tomorrow... |
|
| Back to top |
|
|
| manoj798 |
| Posted: Thu Jan 17, 2013 10:21 pm Post subject: |
|
|
Apprentice
Joined: 17 Nov 2009
Posts: 30
|
Verified all the file and folder permissions with the good server all looks similar. Only option left behind is to recreate the queue manager. But I am not sure whether it will work or not, because when tried to create a dummy queue manager on the same server and try loading the cert, it didn't work..
Please let me know if you got any other idea... |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Jan 18, 2013 5:56 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| manoj798 wrote: |
Verified all the file and folder permissions with the good server all looks similar. Only option left behind is to recreate the queue manager. But I am not sure whether it will work or not, because when tried to create a dummy queue manager on the same server and try loading the cert, it didn't work..
Please let me know if you got any other idea... |
Can you please give us qmgr name and label name of the cert in the store that does not work.
Are you sure that the stash file is good?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| manoj798 |
| Posted: Sat Jan 19, 2013 6:05 pm Post subject: |
|
|
Apprentice
Joined: 17 Nov 2009
Posts: 30
|
Hi Saper,
This is MQ version 5.3, so I guess there is no label name required, just import the certs to the keystore via manage SSL certificate tab on qmgr properties. btw the qmgr name is AU322X1.MQ and the cert name is AU322X1 which is same as that of AU322Y1 where it is working fine... |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Jan 20, 2013 11:30 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| manoj798 wrote: |
Hi Saper,
This is MQ version 5.3, so I guess there is no label name required, just import the certs to the keystore via manage SSL certificate tab on qmgr properties. btw the qmgr name is AU322X1.MQ and the cert name is AU322X1 which is same as that of AU322Y1 where it is working fine... |
5.3 SSL was a little bit different. It's out of normal support so upgrade already! Go to 7.5!
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sun Jan 20, 2013 12:19 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| fjb_saper wrote: |
| 5.3 SSL was a little bit different. |
Understatement.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
