ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » WMQ CA certificate private key setting

Post new topic  Reply to topic
 WMQ CA certificate private key setting « View previous topic :: View next topic » 
Author Message
migz0901
PostPosted: Wed Oct 28, 2015 10:47 pm    Post subject: WMQ CA certificate private key setting Reply with quote

Apprentice

Joined: 01 Nov 2012
Posts: 28

Hi Guys,

I have tried to find out as where to set the PRIVATE KEY to YES in CA certificate as below.

I generated one CSR and then send to our SSL admin to sign and generate CA certificate, first they sent me certificate and I imported it to our qmgr and worked fine in test.

I generated CSR for our PROD QMGR and follow same process, e.g. sent to SSL admin for certificate generation, but this time SSL admin generated
certificate with PRIVATE KEY=NO.

Any idea where to set the private key to YES? Please see below two listing of certificate.



Label: ibmWebSphereMQMQS3
Certificate ID:
Status: TRUST
Start Date: 2015/08/28 10:52:38
End Date: 2025/08/28 11:02:38
Serial Number:

>
Key Type: RSA
Key Size: 1024
Private Key: YES



-------------------------

Label: ibmWebSphereMQMQS3c2025

Status: TRUST
Start Date: 2015/10/26 14:24:25
End Date: 2025/10/26 14:34:25
Serial Number:

Key Type: RSA
Key Size: 1024
Private Key: NO


Many thanks,
Migz0901


Last edited by migz0901 on Thu Oct 29, 2015 1:06 am; edited 1 time in total
Back to top
View user's profile Send private message
exerk
PostPosted: Thu Oct 29, 2015 1:01 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

You really should remove or obfuscate the information you've posted. I'm a stranger on the internet but I now know the platform on which your queue managers run, the name of at least one of those queue managers, the organisation you work for, and probably the actual geographical location of the infrastructure...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
migz0901
PostPosted: Thu Oct 29, 2015 1:07 am    Post subject: Reply with quote

Apprentice

Joined: 01 Nov 2012
Posts: 28

Thank you Sir,, done. but can you help with my queries?
Back to top
View user's profile Send private message
exerk
PostPosted: Thu Oct 29, 2015 1:21 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

migz0901 wrote:
...can you help with my queries?

No sorry, but I'm sure someone who can will be along soon.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Oct 29, 2015 4:35 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

I would have expected your labels to be all lowercase...
I believe the private key depends on how you generated the CSR.
Make sure you do have a private key in the keystore before generating the CSR.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
mqjeff
PostPosted: Thu Oct 29, 2015 4:35 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Why haven't you gone back to the sysadmin and bothered them?
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
exerk
PostPosted: Thu Oct 29, 2015 4:55 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

fjb_saper wrote:
I would have expected your labels to be all lowercase...

Big Iron uses camel-case - not sure if that's still true for MQ V8.0 though
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
migz0901
PostPosted: Mon Nov 02, 2015 6:06 pm    Post subject: Reply with quote

Apprentice

Joined: 01 Nov 2012
Posts: 28

how to check keystore in mainframe?
Back to top
View user's profile Send private message
bruce2359
PostPosted: Mon Nov 02, 2015 8:41 pm    Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

Presuming you mean z/OS, certs are managed by IBMs RACF product RACDCERT command. Your security support team will have authority to use the command.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » WMQ CA certificate private key setting
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.