Thanks Pavel for the response. I have already added the Signing CA to the key db of bot the queue manager. That process is all complete. I have also added one signed certificate to each of the qmgr's key db with proper label name as mentioned in the guide.
Now, I export the QM_1's signed certificate to be imported into QM_2's Key db using following to commands gsk6cmd -cert -export -db /var/mqm/qmgrs/QM_1/ssl/keys.kdb -pw passw0rd -label ibmwebspheremqqm_1 -type cms -target qm_1.p12 -target_pw passw0rd -target_type pkcs12 Then, import this into the QM_2's key db gsk6cmd -cert -import -file qm_1.p12 -pw passw0rd -type pkcs12 -target /var/mqm/qmgrs/QM_2/ssl/keys.kdb -target_pw passw0rd -target_type cms This is where I encounter the error. Raj Pavel Tolkachev <[EMAIL PROTECTED]> Sent by: MQSeries List <[EMAIL PROTECTED]> 08/26/2004 02:45 PM Please respond to MQSeries List To: [EMAIL PROTECTED] cc: Subject: Re: "Invalid key database type was found" V5.3 CSD05 SSL gsk6cmd failed for -type cms GSKit V6.0.5.43 Solaris 2.8 Hello Raj, At least one of our clients runs SSL on Solaris in production and we are about to migrate another one. I am not sure what exactly you are trying to do with importing, namely, what commands do you use? Import actually imports both public and private keys and you have to have the certificate of signing CA already added to your keystore. Hope this will help, Pavel Rajesh-IT Sharma <rajesh-it.sharma+exter To: [EMAIL PROTECTED] [EMAIL PROTECTED]> cc: Sent by: MQSeries List Subject: Re: "Invalid key database type was found" V5.3 CSD05 SSL gsk6cmd <[EMAIL PROTECTED] failed for -type cms GSKit V6.0.5.43 Solaris 2.8 T> 08/26/2004 02:02 PM Please respond to MQSeries List Thank you to all of you who replied to my earlier posting. Ok. I applied CSD07 and I am successfully able to create the certificates. Now, I am stuck at importing the certificates into the qmgr's keys db. I have created two Q Mgrs and able to create certificates for both of them that have been received into the keys db of each queue manager. Then I exported the certificate from both the queue managers into a file (-type pkcs12) and tried to import them ( qm 1's being imported into qm2's key db and vice-versa). However this fails giving me the error - An error occurred while inserting keys to the database. gsk6version information is @(#)ProductName: gsk6e (GoldCoast Build) 0406171803 @(#)ProductVersion: 6.0.5.43 @(#)ProductInfo: 04/06/15.00:00:28.04/06/17.18:11:04 Also, the classpath and path info remains the same as mentioned in the first email. I see messages that Interim fix need to be applied. I have the latest GSkit version running, do I still need to apply the Interim Fix. Finally, is anyone running MQ with SSL on Solaris in Production? Reason I ask this is that I have never had this much gotcha in setting anything with this much trouble and I would like to get a confidence level whether it is worth it at this time, or wait for it to stabilize a bit more -:) Raj Pavel Tolkachev <[EMAIL PROTECTED]> Sent by: MQSeries List <[EMAIL PROTECTED]> 08/19/2004 03:41 PM Please respond to MQSeries List To: [EMAIL PROTECTED] cc: Subject: Re: "Invalid key database type was found" V5.3 CSD05 SSL gsk6cmdf ailed for -type cms GSKit V6.0.5.43 Solaris 2.8 Yes, that's what I am saying: I built keystores on AIX and distributed to Solaris :-) Pavel Rajesh-IT Sharma <rajesh-it.sharma+exter To: [EMAIL PROTECTED] [EMAIL PROTECTED]> cc: Sent by: MQSeries List Subject: Re: "Invalid key database type was found" V5.3 CSD05 SSL gsk6cmdf ailed for <[EMAIL PROTECTED] -type cms GSKit V6.0.5.43 Solaris 2.8 T> 08/19/2004 02:36 PM Please respond to MQSeries List Pavel, Wouldn't it still be necessary to have a key database on Solaris even if I can create a certificate on AIX. Thank you for the response. I am considering CSD06. Raj Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive