| Author |
Message
|
| harshatej1 |
 Posted: Tue Jul 01, 2014 7:20 am Post subject: SSL cert expiry |
 |
|
Acolyte
Joined: 20 Nov 2013
Posts: 61
|
Hi,
Can you please tell me the command to find out the SSL certificate expiry date in mq v5.3? |
|
| Back to top |
|
 |
| JosephGramig |
| Posted: Tue Jul 01, 2014 9:29 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
In what OS?
This is horribly out of date. What use can this be? |
|
| Back to top |
|
|
| harshatej1 |
| Posted: Tue Jul 01, 2014 9:48 am Post subject: |
|
|
Acolyte
Joined: 20 Nov 2013
Posts: 61
|
Solaris...
I have to renew the certificate |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Tue Jul 01, 2014 9:58 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
Well, here is a link to the Info Center where you should be able to look it up.
Here is an old post about it.
Try gsk6cmd (or gsk5cmd) and post what you get in "code" tags. You might need to add something to your path... (gsk7cmd needs JAVA_HOME=/opt/mqm/ssl/jre)
I'm not sure where you are going with something this far beyond "End of Support" (EOS). The SSL in this version is completely obsolete. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Tue Jul 01, 2014 10:04 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
The commands have not changed that much for this purpose:
gsk7cmd -cert -list -db blabla.kdb -pw <yourpassword>
# This will list all the certificates with labels, find yours
gsk7cmd -cert -detail -label "your cert's label' -db blabla.kdb -pw <yourpassword>
# This will display the details for the cert with the label mentioned (including expiry date) |
|
| Back to top |
|
|
| harshatej1 |
| Posted: Tue Jul 01, 2014 11:13 am Post subject: |
|
|
Acolyte
Joined: 20 Nov 2013
Posts: 61
|
I got this when I ran gsk6 command
JCE
ERROR: error message resource file is not well loaded. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Wed Jul 02, 2014 6:10 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
| Don't know. I wouldn't even try. I would insist they upgrade to the latest and this is the result of bad planning on their part. So, this is your opportunity to get off Solaris. AIX is the best UNIX and if I could not have that, I would go with Linux. I would not consider any other flavor of UNIX. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Jul 02, 2014 6:44 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Did you search google and here for ERROR: error message resource file is not well loaded.
I did, and found this:
http://www.mqseries.net/phpBB/viewtopic.php?p=95590&sid=2e0d
Did you try the solution at the bottom of this post?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| harshatej1 |
| Posted: Wed Jul 02, 2014 6:45 am Post subject: |
|
|
Acolyte
Joined: 20 Nov 2013
Posts: 61
|
| Our client is not in a mood to upgrade. As of now I have to renew the certificate. Can any one please help me in this regard? |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Jul 02, 2014 6:56 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| harshatej1 wrote: |
| Our client is not in a mood to upgrade. As of now I have to renew the certificate. Can any one please help me in this regard? |
Did you look at bruce2359's post?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jul 02, 2014 12:41 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Make sure the JAVA_HOME environment points to the java that came with MQ. In more modern versions you'd find it under /opt/mqm/java/jre and that's where you'd set your environment variable to point to...
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| harshatej1 |
| Posted: Tue Jul 08, 2014 7:30 am Post subject: |
|
|
Acolyte
Joined: 20 Nov 2013
Posts: 61
|
I tried the following command.
export JAVA_HOME=/opt/mqm/ssl
then I tried this.
>echo $JAVA_HOME
/opt/mqm/ssl
After this I tried gsk6 command. Still getting the same error.
>gsk6cmd -keydb -list -db key.kdb -pw XXXXX
JCE
ERROR: error message resource file is not well loaded. |
|
| Back to top |
|
|
| tczielke |
| Posted: Tue Jul 08, 2014 8:30 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
When I run across low level errors like you are getting, one thing that I have found helpful is a system call trace. Sometimes, there is a clue in the output (i.e. what file is not being properly found) that can help with the resolution.
Since you are on Solaris, that would be run with the following:
truss -f -o truss.out gsk6cmd -keydb -list -db key.kdb -pw XXXXX
The system call trace will be written to the truss.out file. I would look near the bottom for clues. |
|
| Back to top |
|
|
| Tibor |
| Posted: Wed Jul 09, 2014 12:14 am Post subject: |
|
|
Grand Master
Joined: 20 May 2001
Posts: 1033
Location: Hungary
|
| harshatej1 wrote: |
I tried the following command.
export JAVA_HOME=/opt/mqm/ssl |
Please check it again, whether a JRE is really placed in this directory.
For example, you can find a JRE instance in MQ v7.1 (Linux, 64-bit) here:
| Code: |
| export JAVA_HOME=/opt/mqm/java/jre64/jre/ |
|
|
| Back to top |
|
|
| tczielke |
| Posted: Wed Jul 09, 2014 4:56 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
One other note if you are thinking of using the truss to debug this. That error message you are seeing:
JCE
ERROR: error message resource file is not well loaded.
should appear in the truss output as a write to file descriptor 2 (standard error). So if you do a find on that error message (maybe use just the JCE or ERROR text in your search), you should be able to find right before the write some clues on why this error was produced. |
|
| Back to top |
|
|
|
|
