ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » How to stash a password for a Windows certificate store?

Post new topic  Reply to topic
 How to stash a password for a Windows certificate store? « View previous topic :: View next topic » 
Author Message
jcv
PostPosted: Thu Oct 05, 2017 5:16 am    Post subject: How to stash a password for a Windows certificate store? Reply with quote

Chevalier

Joined: 07 May 2007
Posts: 411
Location: Zagreb

Managed .NET MQ client (C#) specified:

MQEnvironment.SSLKeyRepository = "*SYSTEM";

and received in AMQERR01.LOG:

AMQ9660: SSL key repository: password stash file absent or unusable.

What would be a procedure to obtain a password stash file for that kind of keystore, and where exactly that file should be placed? Is there an alternative in the form of giving a password via MQEnvironment? To be able to stash it, I guess one should be able to set it in the first place, and I don't think we have set it. I googled it a bit, and came up with https://blogs.technet.microsoft.com/pki/2009/06/16/what-is-a-strong-key-protection-in-windows/
Does anyone have any experience with this scenario?
Back to top
View user's profile Send private message Visit poster's website
jcv
PostPosted: Thu Oct 05, 2017 5:24 am    Post subject: Reply with quote

Chevalier

Joined: 07 May 2007
Posts: 411
Location: Zagreb

That is password for private keys, closest match to the keystore password I found so far, for such keystore type.
Back to top
View user's profile Send private message Visit poster's website
zpat
PostPosted: Thu Oct 05, 2017 5:24 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Use IBM Key Management Tool that IBM have kindly provided, (an easy to use GUI) and one menu option is "stash password".
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Oct 05, 2017 5:28 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

zpat wrote:
Use IBM Key Management Tool that IBM have kindly provided, (an easy to use GUI) and one menu option is "stash password".

You're missing the point here. The OP does not use an IBM or Java keystore.. The OP uses the windows keystore also associated with .NET and has a client trying to do SSL with an MQ Server.

So how an where do you create the stash file when the keystore is managed by Microsoft?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
zpat
PostPosted: Thu Oct 05, 2017 5:36 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Presumably you can still create a stash file with IBM keytool.

Where to put it is another question. I would start with the same directory as Microsoft uses.

Even better - don't use the Windows keystore...
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
jcv
PostPosted: Thu Oct 05, 2017 6:47 am    Post subject: Reply with quote

Chevalier

Joined: 07 May 2007
Posts: 411
Location: Zagreb

For the managed .NET client, Windows keystore is mandatory type of keystore.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » How to stash a password for a Windows certificate store?
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.