| Author |
Message
|
| b_anup |
 Posted: Tue Aug 12, 2014 7:06 am Post subject: Error while adding the signed certs using GSK |
 |
|
Novice
Joined: 26 Jun 2014
Posts: 11
|
Hi All,
We are getting below error while adding signed certificate in queue manager SSL directory.
"An error occurred while receiving the certificate from the given file"
We have MQ 6.0.0.0 version on solaris server.
We have below GSK version
PKGINST: gsk7bas
VERSION: 7.0.3.15
PKGINST: gsk7bas64
VERSION: 7.0.3.15
Following steps are performed before we got an error.
a> Kdb creation
gsk7cmd -keydb -create -db /var/mqm/qmgrs/XXXXXXXX/ssl/XXXXXXXX.kdb -pw ******* -type cms -expire 500 -stash
b> Adding the partner CA cert
gsk7cmd -cert -add -db /var/mqm/qmgrs/XXXXXXXX/ssl/XXXXXXXX.kdb -pw <password> -label label1 -file PublicCertTest.cer -format ascii
c> Cert Request creation on own server:
gsk7cmd -certreq -create -db /var/mqm/qmgrs/XXXXXXXX/ssl/XXXXXXXX.kdb -pw <password> -label label2 -dn "CN=XXXXXXXX,OU=WMQ,O=**,C=++" -file XXXXXXXXreq.arm -size 1024
where,
XXXXXXXX is queue manager name
** and ++ are the details
When we tried to add signed certificate from partner, with below command we are getting the error.
gsk7cmd -cert -receive -db /var/mqm/qmgrs/XXXXXXXX/ssl/XXXXXXXX.kdb -pw ***** -file FILEName.cer -format ascii
Could you please provide any help to resolve this error?
Thanks & Regards, |
|
| Back to top |
|
 |
| smdavies99 |
| Posted: Tue Aug 12, 2014 7:22 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
WMQ 6.0.0.0 ?????
No fixpacks? Are you sure that none of the FixPacks release by IBM contained fixes for the issue you are seeing?
This version went out of support a long time ago.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| b_anup |
| Posted: Tue Aug 12, 2014 7:35 am Post subject: |
|
|
Novice
Joined: 26 Jun 2014
Posts: 11
|
Hi Jedi,
Thanks for your reply.
Currently we do not have any fix pack installed. Could you please suggest any fix pack version? |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Aug 12, 2014 7:45 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| b_anup wrote: |
| Currently we do not have any fix pack installed. Could you please suggest any fix pack version? |
Given that all versions of WMQv6 are now out of support and have been for some time, adding a fix pack is a bit like putting lipstick on a pig.
You could try this, which is the only v6 fix pack left to consider. But note:
- this is a long, long way forward from what you're currently running (which was released in 2005!) and you'll need to regression test the **** out of your system to ensure none of the fixes / changed behaviours trip up any of your applications
- IIRC gsk7 came with WMQv7 and there's no guarantee that it will work even after the fix pack
- Both of these problems are the direct result of you being so far back version and if anyone on the site starts whining then you should point out that if they'd moved with the times then all this would be much easier.
My 2 cents - forget the fix pack, move to a supported WMQ. It's the same level of regression testing but with the fix pack you'll still be on an unsupported level, albeit a fixed one.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Aug 12, 2014 8:03 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Examine the file your partner sent you, carefully, because depending on what platform it was signed on, or what text editor they used to copy/paste into, there may be some escape characters in there (Windows has a bad habit of inserting ^M) and they don't always show up in a 'cat' or 'more', so use vi...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| tczielke |
| Posted: Tue Aug 12, 2014 8:56 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
| od (octaldump) is also helpful when you want to byte inspect a file on Solaris. |
|
| Back to top |
|
|
| b_anup |
| Posted: Tue Aug 12, 2014 9:22 am Post subject: |
|
|
Novice
Joined: 26 Jun 2014
Posts: 11
|
I have tried doing a vi and it looks good.
Had there been any ctrl+M character it would have shown there. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Aug 12, 2014 10:34 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| b_anup wrote: |
I have tried doing a vi and it looks good.
Had there been any ctrl+M character it would have shown there. |
OK, so I have had this before (occasionally with that vintage of software) where an apparently perfectly good request has not been matched by the signed cert, so, delete the current request, regenerate another one, get it signed, and see if you get the same error.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Aug 12, 2014 10:39 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| exerk wrote: |
| b_anup wrote: |
I have tried doing a vi and it looks good.
Had there been any ctrl+M character it would have shown there. |
OK, so I have had this before (occasionally with that vintage of software) where an apparently perfectly good request has not been matched by the signed cert, so, delete the current request, regenerate another one, get it signed, and see if you get the same error. |
Or do the sensible (if more time consuming) thing and abandon the vintage software.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
