| Author |
Message
|
| mhubbard |
 Posted: Thu Aug 26, 2004 4:09 am Post subject: An error occurred while inserting keys to the database. |
 |
|
Acolyte
Joined: 25 Aug 2004
Posts: 54
|
Hello -
I am trying to get ssl working on linux. I have struggled with every gsk6cmd command problem that has been noted in other threads...(invalid type, not all types listed..etc). I have used the tips from those threads, but this is the best I can do:
-keydb -create -db /var/mqm/qmgrs/QM1/ssl/key.kbd -type CMS -pw xxx
An error occurred while inserting keys to the database.
Thats it....thats the only message I get.
I have tried all kinds of variations on the db name including just QM1/key.kbd. There is clearly something terribly wrong as shown by this example where I include all the correct parameters:
gsk6cmd -keydb -create -db QM1/key.kbd -type CMS -pw xxx -expire 365 -stash
-expire is not a valid parameter for UNKNOW key database or key store.
I have tried many variations on JAVA_HOME including /opt/IBMJava2-14 and /opt/mqm/ssl/jre. The latter was the only thing that got me past the invalid database problem
Are there any other ideas?
Thank you
_________________
Michael J. Hubbard |
|
| Back to top |
|
 |
| JasonE |
| Posted: Thu Aug 26, 2004 5:20 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
| What version of gskit are you using - I think you need to apply a new version from the interim fixes download site. |
|
| Back to top |
|
|
| mhubbard |
| Posted: Thu Aug 26, 2004 7:05 am Post subject: Global Security Kit |
|
|
Acolyte
Joined: 25 Aug 2004
Posts: 54
|
Hello and thanks for the response.
I am using the gsk 6.0-3.33. It is the one that came with the trial version. Could you please post the url for this interim fixes download site? I am having trouble finding it....but this could be because I am only a trial user.
Thanks
_________________
Michael J. Hubbard |
|
| Back to top |
|
|
| JasonE |
| Posted: Thu Aug 26, 2004 7:26 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
|
| Back to top |
|
|
| gunter |
| Posted: Thu Aug 26, 2004 7:50 am Post subject: |
|
|
Partisan
Joined: 21 Jan 2004
Posts: 307
Location: Germany, Frankfurt
|
At first Update to CSD07, then read memo.ptf and follow the instructions to install the jar-files.
This works on Fedora core 2, kernel-2.6.7-1.494.2.2
(I'va a problem with kernel-2.6.8-1.521 )
| Code: |
$ export LD_ASSUME_KERNEL=2.4.19
$ export PATH=/opt/IBMJava2-14/bin:$PATH
$ export JAVA_HOME=/opt/mqm/ssl/jre
$ java -version
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0)
Classic VM (build 1.4.0, J2RE 1.4.0 IBM build cxia32140-20020917a (JIT enabled: jitc))
$ gsk6cmd -keydb -create -db key.kdb -type cms -stash -pw password |
_________________
Gunter Jeschawitz
IBM Certified System Administrator - Websphere MQ, 5.3 |
|
| Back to top |
|
|
| srvm |
| Posted: Thu Aug 26, 2004 10:47 am Post subject: |
|
|
Apprentice
Joined: 18 Aug 2004
Posts: 43
|
Ok. I applied CSD07 and I am successfully able to create the certificates. Now, I am stuck at importing the certificates into the qmgr's keys db. I have created two Q Mgrs and able to create certificates for both of them that have been received into the keys db of each queue manager. Then I exported the certificate from both the queue managers into a file (-type pkcs12) and tried to import them ( qm 1's being imported into qm2's key db and vice-versa). However this fails giving me the error -
An error occurred while inserting keys to the database.
gsk6version information is
@(#)ProductName: gsk6e (GoldCoast Build) 0406171803
@(#)ProductVersion: 6.0.5.43
@(#)ProductInfo: 04/06/15.00:00:28.04/06/17.18:11:04
Also, the classpath and path info remains the same as mentioned in the first posting.
http://www.mqseries.net/phpBB2/viewtopic.php?t=17089
I see messages that Interim fix need to be applied. I have the latest GSkit version running, do I still need to apply the Interim Fix.
Finally, is anyone running MQ with SSL on Solaris in Production? Reason I ask this is that I have never had this much gotcha in setting anything with this much trouble and I would like to get a confidence level whether it is worth it at this time, or wait for it to stabilize a bit more -
Raj |
|
| Back to top |
|
|
| mhubbard |
| Posted: Fri Aug 27, 2004 9:36 am Post subject: The binary library jpkcs11 could not be loaded |
|
|
Acolyte
Joined: 25 Aug 2004
Posts: 54
|
Original newbe here....
I went to CSD07, also went to the interim fixes for GSK. I followed the jar file instructions in memo.ptf. Now the gsk6cmd gives me:
The binary library jpkcs11 could not be loaded.
The nearest thing I have to this is ibmpkcs11.jar in /opt/mqm/ssl/jre/lib/ext and all the permissions on this appear correct.
Sorry for the long struggle....
_________________
Michael J. Hubbard |
|
| Back to top |
|
|
| techno |
| Posted: Fri Aug 27, 2004 10:15 am Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003
Posts: 429
|
Fix Java Home and Path so that they are poiting to java 1.4. Also make sure that you have done configuration for all the security providers in java.security file.
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.ibm.crypto.provider.IBMJCE
security.provider.7=com.ibm.spi.IBMCMSProvider |
|
| Back to top |
|
|
| mhubbard |
| Posted: Fri Aug 27, 2004 1:57 pm Post subject: The binary library jpkcs11 could not be loaded |
|
|
Acolyte
Joined: 25 Aug 2004
Posts: 54
|
I have JAVA_HOME and PATH set up exactly as gunter showed earlier in this thread:
JAVA_HOME=/opt/mqm/ssl/jre
PATH=/opt/IBMJava2-14/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/local/ssl/bin
java -version yields:
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0)
Classic VM (build 1.4.0, J2RE 1.4.0 IBM build cxia32140-20020917a (JIT enabled: jitc))
I don't understand what you mean by the configuration for the providers in java.security. The only java.security files I have came with either gsk6 or the MQSeriesJava or MQSeriesKeyman rpms that I installed. I can't find any documentation on specific configurations that have to be done.
_________________
Michael J. Hubbard |
|
| Back to top |
|
|
| techno |
| Posted: Mon Aug 30, 2004 7:49 am Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003
Posts: 429
|
What I meant was: You may not have all the security prioviders configured( CMS, JKS etc)
Did you try using gsk6ikm (GUI based) instead of gsk6cmd ? |
|
| Back to top |
|
|
| srvm |
| Posted: Wed Sep 01, 2004 5:32 am Post subject: |
|
|
Apprentice
Joined: 18 Aug 2004
Posts: 43
|
chk the java.security has following entry
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.spi.IBMCMSProvider
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.ibm.jsse.JSSEProvider
#
Also, make sure you copied all the jar files from GSKit directory to /opt/mqm/ssl/lib/ext per the memo.ptf.
Raj |
|
| Back to top |
|
|
|
|
