| Author |
Message
|
| migz0901 |
 Posted: Wed Oct 28, 2015 10:47 pm Post subject: WMQ CA certificate private key setting |
 |
|
Apprentice
Joined: 01 Nov 2012
Posts: 28
|
Hi Guys,
I have tried to find out as where to set the PRIVATE KEY to YES in CA certificate as below.
I generated one CSR and then send to our SSL admin to sign and generate CA certificate, first they sent me certificate and I imported it to our qmgr and worked fine in test.
I generated CSR for our PROD QMGR and follow same process, e.g. sent to SSL admin for certificate generation, but this time SSL admin generated
certificate with PRIVATE KEY=NO.
Any idea where to set the private key to YES? Please see below two listing of certificate.
Label: ibmWebSphereMQMQS3
Certificate ID:
Status: TRUST
Start Date: 2015/08/28 10:52:38
End Date: 2025/08/28 11:02:38
Serial Number:
>
Key Type: RSA
Key Size: 1024
Private Key: YES
-------------------------
Label: ibmWebSphereMQMQS3c2025
Status: TRUST
Start Date: 2015/10/26 14:24:25
End Date: 2025/10/26 14:34:25
Serial Number:
Key Type: RSA
Key Size: 1024
Private Key: NO
Many thanks,
Migz0901
Last edited by migz0901 on Thu Oct 29, 2015 1:06 am; edited 1 time in total |
|
| Back to top |
|
 |
| exerk |
| Posted: Thu Oct 29, 2015 1:01 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
You really should remove or obfuscate the information you've posted. I'm a stranger on the internet but I now know the platform on which your queue managers run, the name of at least one of those queue managers, the organisation you work for, and probably the actual geographical location of the infrastructure...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| migz0901 |
| Posted: Thu Oct 29, 2015 1:07 am Post subject: |
|
|
Apprentice
Joined: 01 Nov 2012
Posts: 28
|
| Thank you Sir,, done. but can you help with my queries? |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Oct 29, 2015 1:21 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| migz0901 wrote: |
| ...can you help with my queries? |
No sorry, but I'm sure someone who can will be along soon.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Oct 29, 2015 4:35 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I would have expected your labels to be all lowercase...
I believe the private key depends on how you generated the CSR.
Make sure you do have a private key in the keystore before generating the CSR.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Oct 29, 2015 4:35 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Why haven't you gone back to the sysadmin and bothered them?
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Oct 29, 2015 4:55 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| fjb_saper wrote: |
| I would have expected your labels to be all lowercase... |
Big Iron uses camel-case - not sure if that's still true for MQ V8.0 though 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| migz0901 |
| Posted: Mon Nov 02, 2015 6:06 pm Post subject: |
|
|
Apprentice
Joined: 01 Nov 2012
Posts: 28
|
| how to check keystore in mainframe? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Nov 02, 2015 8:41 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Presuming you mean z/OS, certs are managed by IBMs RACF product RACDCERT command. Your security support team will have authority to use the command.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
