| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQSERIES SSL w/MQMON issue |
View previous topic :: View next topic |
| Author |
Message
|
| gctaz69 |
 Posted: Wed Apr 17, 2013 7:53 am Post subject: MQSERIES SSL w/MQMON issue |
 |
|
Newbie
Joined: 17 Apr 2013
Posts: 3
|
I'm unable to connect MQMON to remote qmgr w/SSL
I’m getting the error from MQMON:
09:10:52 Error connecting via client to 'QMGR99' RC(2381) SSL Key Repository error
The MQ error log provides:
4/17/2013 09:44:52 - Process(3936.122) User(calderong) Program(mqmonntp.exe)
Host(NANYDT135)
AMQ9660: SSL key repository: password stash file absent or unusable.
EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to
access it. Reasons giving rise to this error include:
(a) the key database file and password stash file are not present in the
location configured for the key repository,
(b) the key database file exists in the correct place but that no password
stash file has been created for it,
(c) the files are present in the correct place but the userid under which MQ is
running does not have permission to read them,
(d) one or both of the files are corrupt.
The channel is 'SYSTEM.DEF.SVRCONN'; in some cases its name cannot be
determined and so is shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.
My Setup is:
On The Server Side
• Created keystore.kdb on MQ server and stashed password
• Created self-signed certificate on MQ server
• Extracted the public part of a self-signed certificate from a key repository
• Updated Qmgr w/keystore location
• Set up server connection channel w/SSL CIPHERSPEC “RC4_MD5_US”
• Refreshed SSL Security
On the MQMON Client side
• Created keystore.kdb on MQ server and stashed password
• Added previously extracted the public part of a self-signed certificate into key repository
• Added remote qmgr location to MQMON. In client config
o inserted ssl repository C:\Program Files\IBM\WebSphere MQ\keystore.kdb
(the location of the keystore on the local machine)
o inserted ssl Cipher Spec “RC4_MD5_US” |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Apr 17, 2013 8:35 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Greg,
| Quote: |
| AMQ9660: SSL key repository: password stash file absent or unusable. |
says it all.
use the gskit to create the stash file. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| gctaz69 |
| Posted: Thu Apr 18, 2013 5:17 am Post subject: |
|
|
Newbie
Joined: 17 Apr 2013
Posts: 3
|
| Stash created MQE explorer did not work, Stash created by GSKIT as suggested got same result. MQMON does not seem tp find existing Stash. Any more suggestion? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Apr 18, 2013 6:33 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
you need all the 4 or 5 files. In MQMON you specify the path and filename without the . or extension.
So if your key repository is in D:\ssl\gcal.kdb
you would supply D:\ssl\gcal to MQMON
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| gctaz69 |
| Posted: Thu Apr 18, 2013 8:46 am Post subject: |
|
|
Newbie
Joined: 17 Apr 2013
Posts: 3
|
|
| Back to top |
|
|
|
|
|
|
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
