MQSeries.net :: View topic

FZoli · Posted: Mon Aug 28, 2006 12:28 am Post subject: Error by setting SSL channel

Has anybody set up MQ SSL channel on AS/400? I have problem with it.
I have generated the key database in DCM with password "cms". A have imported the private (p12) and the public key (arm) of other QM into it. I have set the key database password ("cms") in the queue manager (after that it has generated a Stash.sth into the QM's ssl directory). The key database path is also set in QM (SSLKEYR points to the kdb file).
When I try to change the channel cipher spec from none to TRIPLE_DES_SHA_US. It writes into the log the following exception:

AMQ9660 SSL key repository: password stash file
absent or unusable.
Explanation: The SSL key repository cannot be used
because MQ cannot obtain a password to access it.
Reasons giving rise to this error include:
(a) the key database file and password stash file are not
present in the location configured for the key
repository,
(b) the key database file exists in the correct place but
that no password stash file has been created for it,
(c) the files are present in the correct place but the
userid under which MQ is running does not have
permission to read them,
(d) one or both of the files are corrupt.
The channel is â€™TARGET.SOURCEâ€™; in some cases its name cannot be
determined and so is shown as â€™????â€™. The channel did
not start.
User Response: Ensure that the key repository
variable is set to where the key database file is. Ensure
that a password stash file has been associated with the
key database file in the same directory, and that the
userid under which MQ is running has read access to
both files. If both are already present and readable in
the correct place, delete and recreate them. Restart the
channel.

QMQM user has permission to read all necessary files (stash, kdb and rdb). I have copied the Stash.sth to key.sth (key.kdb is the name of the key database file), but it still didn't works.

Has anybody any idea what is the problem?