| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Command to change expiry of SSL certificate |
« View previous topic :: View next topic » |
| Author |
Message
|
| asudhakar |
 Posted: Mon Feb 21, 2011 3:29 pm Post subject: Command to change expiry of SSL certificate |
 |
|
Centurion
Joined: 12 May 2007
Posts: 116
Location: Bangalore
|
Hello All,
I tried to find a command to change MQ SSL certificate did nt find any where.. can any one help me with command.
For information
1.
MQ error log :
AMQ9658: An invalid SSL certificate has been encountered.
EXPLANATION:
An SSL certificate has been encountered which was not corrupt but which failed
validation checks on its date fields. The certificate has either expired, or
its date is not valid yet (i.e. the from date is later than today), or the
validity date range is incorrect (e.g. the to date is earlier than the from
date). The channel is 'QM10.TO.QM6'; in some cases its name cannot be
determined and so is shown as '????'. The channel did not start.
ACTION:
Ensure that both the local and remote systems have valid, current SSL
certificates. Restart the channel.
2.
Changed expiry of DB but its not working :
$ gsk7cmd -keydb -expiry -db "/var/mqm/qmgrs/QM10/ssl/QM10.kdb" -pw mwmimcoe
Validity: 0
$ gsk7cmd -keydb -changepw -db "/var/mqm/qmgrs/QM10/ssl/QM10.kdb" -pw mwmimcoe -new_pw mwmimcoe -expire 100 -stash
$ gsk7cmd -keydb -expiry -db "/var/mqm/qmgrs/QM10/ssl/QM10.kdb" -pw mwmimcoe
Validity: Thursday, June 2, 2011 7:56:35 AM GMT+05:30
3.
***** Check this expiry of certification. To date is jan 22. I need to change these dates.. CAN ANY ONE HELP ME With command.
-bash-3.1$ gsk7cmd -cert -details -db /var/mqm/qmgrs/QM1/ssl/QM1.kdb -label ibmwebspheremqqm1 -pw clientpass
Label: ibmwebspheremqqm1
Key Size: 1024
Version: X509 V3
Serial Number: 38 AC 84 2C F0 20 68 DB
Issued By: QM1
Subject: QM1
Valid From: Friday, January 20, 2012 11:35:53 PM IST To: Sunday, January 22, 2012 11:35:53 PM IST
Fingerprint: 2F:F9:BA:8A:D1:52:47:25:04:2D:14:DB:E6:D6:CD:80:6A:86:44:13
Signature Algorithm: 1.2.840.113549.1.1.4
Trust Status: enabled
Regards,
Sudha
_________________
WebSphere MQ, MB Support and Admin |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Mon Feb 21, 2011 5:48 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
I've seen this come up when someone changes the date/time on the box. Is the date on the box correct?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| asudhakar |
| Posted: Tue Feb 22, 2011 4:23 am Post subject: |
|
|
Centurion
Joined: 12 May 2007
Posts: 116
Location: Bangalore
|
| bruce2359 wrote: |
| I've seen this come up when someone changes the date/time on the box. Is the date on the box correct? |
Thank you for your reply..
$ date
Wed Feb 23 05:20:59 GMT+05:30 2011
Above is the output for date.. seems its good. If it is date issue then how ssl for remaining MQ's are working fine.
I have other 2 QM's where ssl configured in same box and could see chls are running fine.
_________________
WebSphere MQ, MB Support and Admin |
|
| Back to top |
|
|
| fatherjack |
| Posted: Tue Feb 22, 2011 5:01 am Post subject: Re: Command to change expiry of SSL certificate |
|
|
Knight
Joined: 14 Apr 2010
Posts: 522
Location: Craggy Island
|
| asudhakar wrote: |
***** Check this expiry of certification. To date is jan 22. I need to change these dates.. CAN ANY ONE HELP ME With command.
-bash-3.1$ gsk7cmd -cert -details -db /var/mqm/qmgrs/QM1/ssl/QM1.kdb -label ibmwebspheremqqm1 -pw clientpass
Label: ibmwebspheremqqm1
Key Size: 1024
Version: X509 V3
Serial Number: 38 AC 84 2C F0 20 68 DB
Issued By: QM1
Subject: QM1
Valid From: Friday, January 20, 2012 11:35:53 PM IST To: Sunday, January 22, 2012 11:35:53 PM IST
Fingerprint: 2F:F9:BA:8A:D1:52:47:25:04:2D:14:DB:E6:D6:CD:80:6A:86:44:13
Signature Algorithm: 1.2.840.113549.1.1.4
Trust Status: enabled |
You need to install a valid certificate.
_________________
Never let the facts get in the way of a good theory. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Feb 22, 2011 5:34 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You can't "unexpire" a certificate.
Once it is expired, it needs to be renewed and resigned. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Feb 22, 2011 7:34 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| asudhakar wrote: |
| bruce2359 wrote: |
| I've seen this come up when someone changes the date/time on the box. Is the date on the box correct? |
Thank you for your reply..
$ date
Wed Feb 23 05:20:59 GMT+05:30 2011
Above is the output for date.. seems its good. If it is date issue then how ssl for remaining MQ's are working fine.
I have other 2 QM's where ssl configured in same box and could see chls are running fine. |
Your information does not show the Year... and the problem might not be with the qmgr box, but with the box that created the kdb and the signature request.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Feb 22, 2011 8:00 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| fjb_saper wrote: |
| ...the problem might not be with the qmgr box, but with the box that created the kdb and the signature request... |
I'd hazard it's a self-signed certificate, and that a mistake was made in the 'validation from' 
| Quote: |
Issued By: QM1
Subject: QM1
Valid From: Friday, January 20, 2012 11:35:53 PM IST To: Sunday, January 22, 2012 11:35:53 PM IST |
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 22, 2011 8:25 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9399
Location: US: west coast, almost. Otherwise, enroute.
|
Good eye.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
