ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » SSL Certificate renewal / gsk6cmds

Post new topic  Reply to topic
 SSL Certificate renewal / gsk6cmds « View previous topic :: View next topic » 
Author Message
thebeach
PostPosted: Mon Dec 04, 2006 10:57 pm    Post subject: SSL Certificate renewal / gsk6cmds Reply with quote

Apprentice

Joined: 30 Mar 2004
Posts: 47

The standard SSL certificate name is ibmWebSphereMQ'QueueManagerName'.

A cetificate request can be created using the gsk6cmd command like this:

gsk6cmd -certreq -create -db DBname -pw xx -label ibmWebSphereMQQM1 -dn "CN etc etc " -size 1024 -file certreq.arm

When the certificate is received its loaded with something like :

gsk6cmd -cert -receive -file certificate.cer -db DBName -pw xx -format ascii


But when it comes to renewal time, whats the procedure?

Another certificate request can't be made as the label must be the same, ie ibmWebSphereMQQM1

I think whats needed is this:
gsk6cmd -certreq -recreate -label ibmWebSphereMQQM1 etc?

If so how do I then reload the certificate when I get it, with

gsk6cmd -cert -add? or
gsk6cmd -cert -receive?


And what of the current certificate with the name ibmWebSphereMQQM1? Does it need to be removed first?

I didn't find much documentation on renewing cerificates, so any points are welcome.


Thanks All.
Back to top
View user's profile Send private message
bbburson
PostPosted: Tue Dec 05, 2006 7:18 am    Post subject: Re: SSL Certificate renewal / gsk6cmds Reply with quote

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager

This is based on my experience with my CA on UNIX (Sun/HP/AIX) systems. YMMV
thebeach wrote:
A cetificate request can be created using the gsk6cmd command like this:

gsk6cmd -certreq -create -db DBname -pw xx -label ibmWebSphereMQQM1 -dn "CN etc etc " -size 1024 -file certreq.arm

If the original certreq.arm file still exists you can submit it to the CA to get a renewal certificate. If the file is no longer available, then use:

thebeach wrote:
gsk6cmd -certreq -recreate -label ibmWebSphereMQQM1 etc?


thebeach wrote:
If so how do I then reload the certificate when I get it, with

gsk6cmd -cert -add? or
gsk6cmd -cert -receive?

-add is for CA certificates only; use -receive for the queue manager cert.

thebeach wrote:
And what of the current certificate with the name ibmWebSphereMQQM1? Does it need to be removed first?

The newly received cert will replace the old one. No other actions required (not even a bounce of the queue manager).

It is my understanding that the "label" attribute has to be ibmwebspheremqqmgrname in all lower case. If your examples work for you, I guess you're on different operating systems than I am.
Back to top
View user's profile Send private message
thebeach
PostPosted: Wed Dec 06, 2006 4:40 pm    Post subject: Reply with quote

Apprentice

Joined: 30 Mar 2004
Posts: 47

Thats useful, thanks Bruce!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » SSL Certificate renewal / gsk6cmds
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.