jcv |
Posted: Thu Oct 05, 2017 5:16 am Post subject: How to stash a password for a Windows certificate store?
 Chevalier
Joined: 07 May 2007 Posts: 411 Location: Zagreb
Managed .NET MQ client (C#) specified:
MQEnvironment.SSLKeyRepository = "*SYSTEM";
and received in AMQERR01.LOG:
AMQ9660: SSL key repository: password stash file absent or unusable.
What would be a procedure to obtain a password stash file for that kind of keystore, and where exactly should that file be placed? Is there an alternative in the form of giving a password via MQEnvironment? To be able to stash it, I guess one should be able to set it in the first place, and I don't think we have set it. I googled it a bit, and came up with https://blogs.technet.microsoft.com/pki/2009/06/16/what-is-a-strong-key-protection-in-windows/
Does anyone have any experience with this scenario?
 |
jcv |
Posted: Thu Oct 05, 2017 5:24 am Post subject:
 Chevalier
Joined: 07 May 2007 Posts: 411 Location: Zagreb
That is the password for private keys, the closest match to the keystore password I have found so far for such a keystore type.
 |
zpat |
Posted: Thu Oct 05, 2017 5:24 am Post subject:
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
Use the IBM Key Management Tool that IBM have kindly provided (an easy to use GUI), and one menu option is "stash password".
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
 |
fjb_saper |
Posted: Thu Oct 05, 2017 5:28 am Post subject:
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
zpat wrote:
Use IBM Key Management Tool that IBM have kindly provided, (an easy to use GUI) and one menu option is "stash password".
You're missing the point here. The OP does not use an IBM or Java keystore. The OP uses the Windows keystore also associated with .NET and has a client trying to do SSL with an MQ Server.
So how and where do you create the stash file when the keystore is managed by Microsoft?
_________________
MQ & Broker admin
 |
zpat |
Posted: Thu Oct 05, 2017 5:36 am Post subject:
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
Presumably you can still create a stash file with IBM keytool.
Where to put it is another question. I would start with the same directory as Microsoft uses.
Even better - don't use the Windows keystore...
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
 |
jcv |
Posted: Thu Oct 05, 2017 6:47 am Post subject:
 Chevalier
Joined: 07 May 2007 Posts: 411 Location: Zagreb
For the managed .NET client, the Windows keystore is the mandatory type of keystore.