| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL Certificate renewal / gsk6cmds |
« View previous topic :: View next topic » |
| Author |
Message
|
| thebeach |
 Posted: Mon Dec 04, 2006 10:57 pm Post subject: SSL Certificate renewal / gsk6cmds |
 |
|
Apprentice
Joined: 30 Mar 2004
Posts: 47
|
The standard SSL certificate name is ibmWebSphereMQ'QueueManagerName'.
A cetificate request can be created using the gsk6cmd command like this:
gsk6cmd -certreq -create -db DBname -pw xx -label ibmWebSphereMQQM1 -dn "CN etc etc " -size 1024 -file certreq.arm
When the certificate is received its loaded with something like :
gsk6cmd -cert -receive -file certificate.cer -db DBName -pw xx -format ascii
But when it comes to renewal time, whats the procedure?
Another certificate request can't be made as the label must be the same, ie ibmWebSphereMQQM1
I think whats needed is this:
gsk6cmd -certreq -recreate -label ibmWebSphereMQQM1 etc?
If so how do I then reload the certificate when I get it, with
gsk6cmd -cert -add? or
gsk6cmd -cert -receive?
And what of the current certificate with the name ibmWebSphereMQQM1? Does it need to be removed first?
I didn't find much documentation on renewing cerificates, so any points are welcome.
Thanks All. |
|
| Back to top |
|
 |
| bbburson |
| Posted: Tue Dec 05, 2006 7:18 am Post subject: Re: SSL Certificate renewal / gsk6cmds |
|
|
Partisan
Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
|
This is based on my experience with my CA on UNIX (Sun/HP/AIX) systems. YMMV
| thebeach wrote: |
A cetificate request can be created using the gsk6cmd command like this:
gsk6cmd -certreq -create -db DBname -pw xx -label ibmWebSphereMQQM1 -dn "CN etc etc " -size 1024 -file certreq.arm |
If the original certreq.arm file still exists you can submit it to the CA to get a renewal certificate. If the file is no longer available, then use:
| thebeach wrote: |
| gsk6cmd -certreq -recreate -label ibmWebSphereMQQM1 etc? |
| thebeach wrote: |
If so how do I then reload the certificate when I get it, with
gsk6cmd -cert -add? or
gsk6cmd -cert -receive? |
-add is for CA certificates only; use -receive for the queue manager cert.
| thebeach wrote: |
| And what of the current certificate with the name ibmWebSphereMQQM1? Does it need to be removed first? |
The newly received cert will replace the old one. No other actions required (not even a bounce of the queue manager).
It is my understanding that the "label" attribute has to be ibmwebspheremqqmgrname in all lower case. If your examples work for you, I guess you're on different operating systems than I am. |
|
| Back to top |
|
|
| thebeach |
| Posted: Wed Dec 06, 2006 4:40 pm Post subject: |
|
|
Apprentice
Joined: 30 Mar 2004
Posts: 47
|
| Thats useful, thanks Bruce! |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
