| Author |
Message
|
| mqmike |
 Posted: Mon Nov 15, 2004 6:21 am Post subject: SSL on AIX |
 |
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
We have a box running AIXv5.2 and MQv5.3 Csd05.
I've installed the gskit but have now noticed that there is no /usr/mqm/ssl directory. I guess there is an option on MQ install whether you're using SSL or not and this hasn't been taken.
What can I do to start using SSL? Do I need a full re-install or can I create thing maunally? |
|
| Back to top |
|
 |
| Philip Morten |
| Posted: Mon Nov 15, 2004 7:50 am Post subject: |
|
|
Master
Joined: 07 Mar 2002
Posts: 230
Location: Hursley Park
|
You need to install filset gskak.rte at level 6.0.4.37 from CSD05, the mqm.keyman.rte fileset from the original media and then update it using the same fileset from CSD05.
_________________
Philip Morten
The postings on this site are my own and do not necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| mqmike |
| Posted: Mon Nov 15, 2004 8:48 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
Phil
I think gskak.rte was installed from the CSD.
Do I need to get the disc and install mqm.keyman.rte fileset from it? How do I update this?
Cheers |
|
| Back to top |
|
|
| vennela |
| Posted: Mon Nov 15, 2004 8:50 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| Quote: |
Phil
I think gskak.rte was installed from the CSD.
Do I need to get the disc and install mqm.keyman.rte fileset from it? How do I update this?
Cheers |
I would say reinstall just the gskit. If it is already installed and you don't see the filesystem, then there is something wrong with the installation. Uninstall just the existing gskit and reinstall it. |
|
| Back to top |
|
|
| Philip Morten |
| Posted: Mon Nov 15, 2004 9:09 am Post subject: |
|
|
Master
Joined: 07 Mar 2002
Posts: 230
Location: Hursley Park
|
| vennela wrote: |
| Quote: |
Phil
I think gskak.rte was installed from the CSD.
|
|
lslpp -l gskak.rte should show a level of 6.0.4.37 if it came from CSD05, a later level is OK.
| Quote: |
| Quote: |
Do I need to get the disc and install mqm.keyman.rte fileset from it? How do I update this?
Cheers |
I would say reinstall just the gskit. If it is already installed and you don't see the filesystem, then there is something wrong with the installation. Uninstall just the existing gskit and reinstall it. |
No, /usr/mqm/ssl comes from the fileset mqm.keyman.rte _not_ from gskak.rte. If /usr/mqm/ssl is not present then I would say that mqm.keyman.rte was not selected when the product was originally installed ( lslpp will easily confirm this). If gskak.rte has been installed from CDS05 then you need to install mqm.keyman.rte from your original WebSphere MQ CD and then install the update for it from CSD05 in the normal way. mqm.keyman.rte at CSD05 pre-reqs the required level of gskak.rte so you should not be able to get this wrong
_________________
Philip Morten
The postings on this site are my own and do not necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| mqmike |
| Posted: Mon Nov 15, 2004 9:21 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
Thanks Phil
lslpp -l gskak.rte
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
gskak.rte 6.0.4.37 COMMITTED AIX Certificate and SSL Base
Runtime ACME Toolkit
mqadmin@mqtest:/var/mqm> lslpp -l | grep mqm
mqm.Client.Bnd 5.3.0.2 COMMITTED WebSphere MQ Client Bundle
mqm.Server.Bnd 5.3.0.2 COMMITTED WebSphere MQ Server Bundle
mqm.base.runtime 5.3.0.5 APPLIED WebSphere MQ Runtime for
mqm.base.samples 5.3.0.5 APPLIED WebSphere MQ Samples
mqm.base.sdk 5.3.0.5 APPLIED WebSphere MQ Base Kit for
mqm.client.rte 5.3.0.5 APPLIED WebSphere MQ Client for AIX
mqm.gateway.rte 5.2.0.0 COMMITTED MQSeries Internet Gateway -
mqm.gateway.samples 5.2.0.0 COMMITTED MQSeries Internet Gateway -
mqm.html.base.doc 5.2.0.0 COMMITTED MQSeries Online Documentation
mqm.msg.en_US 5.3.0.5 APPLIED WebSphere MQ Messages - U.S.
mqm.server.rte 5.3.0.5 APPLIED WebSphere MQ Server
mqm.base.runtime 5.3.0.5 APPLIED WebSphere MQ Runtime for
mqm.gateway.rte 5.2.0.0 COMMITTED MQSeries Internet Gateway -
mqm.gateway.rte.data 5.2.0.0 COMMITTED MQSeries Internet Gateway -
mqm.gateway.samples.data 5.2.0.0 COMMITTED MQSeries Internet Gateway -
mqm.html.en_US.doc 5.2.0.0 COMMITTED MQSeries Online Documentation
mqm.man.en_US.data 5.3.0.2 COMMITTED WebSphere MQ Man Pages - U.S.
So I guess we dont have mqm.keyman.rte on there. This leaves me with more questions:
1) Do I need to stop mq to install this from the media or are the two independent?
2) Once this is on how do I update it from the CSD - it shows above as being committed so I can't uninstall and put it on again?
Thanks for your help |
|
| Back to top |
|
|
| btjo |
| Posted: Mon Nov 15, 2004 9:30 am Post subject: |
|
|
Novice
Joined: 07 Jul 2004
Posts: 19
|
| Stop your engines before you refuel. |
|
| Back to top |
|
|
| Philip Morten |
| Posted: Mon Nov 15, 2004 9:50 am Post subject: |
|
|
Master
Joined: 07 Mar 2002
Posts: 230
Location: Hursley Park
|
| Quote: |
1) Do I need to stop mq to install this from the media or are the two independent?
|
No, I don't see a check for running queue managers in that fileset.
| Quote: |
2) Once this is on how do I update it from the CSD - it shows above as being committed so I can't uninstall and put it on again? |
Actually now that I've looked the mqm.keyman.rte was not updated in CSD05 so you only need to install the base fileset from the CD.
_________________
Philip Morten
The postings on this site are my own and do not necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| mqmike |
| Posted: Tue Nov 16, 2004 4:55 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
|
| Back to top |
|
|
| mqmike |
| Posted: Thu Nov 18, 2004 3:13 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
I've got the necessary filesets on there now and my gskit is running at 6.0.4.37. I've seen loads of posts on this site about problems creating a key database and I seem to have run into the same problem. As a work around, I tried the suggestion in the CSD readme about updating some jar files. Unfortunately this hasn't worked either.
Is there anything else I can check/do?
If not can I just update the gskit from CSD08 and try this (as opposed to implementing the full CSD08 and waiting a fortnight for changes to be approved etc)? |
|
| Back to top |
|
|
| EddieA |
| Posted: Thu Nov 18, 2004 10:11 am Post subject: |
|
|
Jedi
Joined: 28 Jun 2001
Posts: 2453
Location: Los Angeles
|
| Quote: |
| I've seen loads of posts on this site about problems creating a key database |
The 2 usual culprits are:
Not setting the JAVA_HOME environment settings.
Not copying the latest GSKit JAR files to the MQ directory, as described in the MQ CSD ReadMe.
Cheers,
_________________
Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0 |
|
| Back to top |
|
|
| LearnMQSI |
| Posted: Wed Dec 08, 2004 9:03 pm Post subject: GSKit |
|
|
Centurion
Joined: 20 Aug 2002
Posts: 137
|
Hi MQ Eperts,
I have a question about GSKit
Which of the following platforms need ONLY the IBM Global Security Kit?
1. HP-UX
2. iSeries
3. Windows
4. AIX
5. z/OS
I'm not sure if z/OS is also the same as zSeries? |
|
| Back to top |
|
|
|
|
