Hello Raj,
Not sure I can help here. You may want to call IBM. One question though: why do you
need to move private keys around? Usually, the private key belongs to one and only one
principal.. Also, is the key label you use (ibmwebspheremqqm_1) unique in the
destination file?
Pavel
Rajesh-IT Sharma
<rajesh-it.sharma+exter To: [EMAIL PROTECTED]
[EMAIL PROTECTED]> cc:
Sent by: MQSeries List Subject: Re: "Invalid key
database type was found" V5.3 CSD05 SSL gsk6cmd
<[EMAIL PROTECTED] failed for -type cms GSKit V6.0.5.43
Solaris 2.8
T>
08/26/2004 03:00 PM
Please respond to
MQSeries List
Thanks Pavel for the response.
I have already added the Signing CA to the key db of bot the queue
manager. That process is all complete. I have also added one signed
certificate to each of the qmgr's key db with proper label name as
mentioned in the guide.
Now, I export the QM_1's signed certificate to be imported into QM_2's Key
db using following to commands
gsk6cmd -cert -export -db /var/mqm/qmgrs/QM_1/ssl/keys.kdb -pw passw0rd
-label ibmwebspheremqqm_1 -type cms -target qm_1.p12 -target_pw passw0rd
-target_type pkcs12
Then, import this into the QM_2's key db
gsk6cmd -cert -import -file qm_1.p12 -pw passw0rd -type pkcs12 -target
/var/mqm/qmgrs/QM_2/ssl/keys.kdb -target_pw passw0rd -target_type cms
This is where I encounter the error.
Raj
Pavel Tolkachev <[EMAIL PROTECTED]>
Sent by: MQSeries List <[EMAIL PROTECTED]>
08/26/2004 02:45 PM
Please respond to MQSeries List
To: [EMAIL PROTECTED]
cc:
Subject: Re: "Invalid key database type was found" V5.3 CSD05 SSL
gsk6cmd failed
for -type cms GSKit V6.0.5.43 Solaris 2.8
Hello Raj,
At least one of our clients runs SSL on Solaris in production and we are
about to migrate another one.
I am not sure what exactly you are trying to do with importing, namely,
what commands do you use? Import actually imports both public and private
keys and you have to have the certificate of signing CA already added to
your keystore.
Hope this will help,
Pavel
Rajesh-IT Sharma
<rajesh-it.sharma+exter To:
[EMAIL PROTECTED]
[EMAIL PROTECTED]> cc:
Sent by: MQSeries List Subject: Re:
"Invalid key database type was found" V5.3 CSD05 SSL gsk6cmd
<[EMAIL PROTECTED] failed for -type cms
GSKit V6.0.5.43 Solaris 2.8
T>
08/26/2004 02:02 PM
Please respond to
MQSeries List
Thank you to all of you who replied to my earlier posting.
Ok. I applied CSD07 and I am successfully able to create the certificates.
Now, I am stuck at importing the certificates into the qmgr's keys db. I
have created two Q Mgrs and able to create certificates for both of them
that have been received into the keys db of each queue manager. Then I
exported the certificate from both the queue managers into a file (-type
pkcs12) and tried to import them ( qm 1's being imported into qm2's key db
and vice-versa). However this fails giving me the error -
An error occurred while inserting keys to the database.
gsk6version information is
@(#)ProductName: gsk6e (GoldCoast Build) 0406171803
@(#)ProductVersion: 6.0.5.43
@(#)ProductInfo: 04/06/15.00:00:28.04/06/17.18:11:04
Also, the classpath and path info remains the same as mentioned in the
first email. I see messages that Interim fix need to be applied. I have
the latest GSkit version running, do I still need to apply the Interim
Fix.
Finally, is anyone running MQ with SSL on Solaris in Production? Reason I
ask this is that I have never had this much gotcha in setting anything
with this much trouble and I would like to get a confidence level whether
it is worth it at this time, or wait for it to stabilize a bit more -:)
Raj
Pavel Tolkachev <[EMAIL PROTECTED]>
Sent by: MQSeries List <[EMAIL PROTECTED]>
08/19/2004 03:41 PM
Please respond to MQSeries List
To: [EMAIL PROTECTED]
cc:
Subject: Re: "Invalid key database type was found" V5.3
CSD05 SSL gsk6cmdf ailed
for -type cms GSKit V6.0.5.43 Solaris 2.8
Yes, that's what I am saying: I built keystores on AIX and distributed to
Solaris :-)
Pavel
Rajesh-IT Sharma
<rajesh-it.sharma+exter To:
[EMAIL PROTECTED]
[EMAIL PROTECTED]> cc:
Sent by: MQSeries List Subject: Re:
"Invalid key database type was found" V5.3 CSD05 SSL gsk6cmdf ailed for
<[EMAIL PROTECTED] -type cms GSKit
V6.0.5.43 Solaris 2.8
T>
08/19/2004 02:36 PM
Please respond to
MQSeries List
Pavel, Wouldn't it still be necessary to have a key database on Solaris
even if I can create a certificate on AIX.
Thank you for the response. I am considering CSD06.
Raj
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
--
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
--
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
