Hi Pavel, thanks for your answer! But the documentation only shows how to create the personal certificate, not how to create CAs. How can I create a self-signed CA? I'm using one key database for each queue manager.
Regards Christian -----Ursprüngliche Nachricht----- Von: Pavel Tolkachev [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 17. September 2003 17:41 An: [EMAIL PROTECTED] Betreff: Re: self signed certificate / AMQ9633 Hello Christian, You can use gsk6cmd to create self-signed CA and sign certificates for CSM key database. It is very slow though. You have to have both CA (if you choose to use different for each QM) in each QM's key database. Hope this will help, Pavel "Bock, Christian" <[EMAIL PROTECTED] To: [EMAIL PROTECTED] R-BANK.COM> cc: Sent by: MQSeries List Subject: self signed certificate / AMQ9633 <[EMAIL PROTECTED] T> 09/17/2003 09:57 AM Please respond to MQSeries List Hello all, I'm trying to manage a SSL connection between two queue manager on an Solaris box. For this purpose I created a self signed certificate. But I got the following error: ---------------------------------------------------------------------------- --- 09/17/03 15:12:49 AMQ9633: Bad SSL certificate for channel 'QM1.TO.QM2'. EXPLANATION: A certificate encountered during SSL handshaking is regarded as bad for one of the following reasons: (a) it was formatted incorrectly and could not be validated, or (b) it was formatted correctly but failed validation against the Certification Authority (CA) root and other certificates held on the local system, or (c) it was found in a Certification Revocation List (CRL) on an LDAP server. The channel is 'QM1.TO.QM2'; in some cases its name cannot be determined and so is shown as '????'. The channel did not start. ACTION: Check which of the three possible causes applies on your system. Correct the error, and restart the channel. ----- amqccisx.c : 1014 ------------------------------------------------------- That's probably because I have no CA. Where do I get the CA for my certificate? I thought self signed certificate means, that I don't need a CA cause I signed the certificate by myself?? Any suggestions? Regards Christian -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive