| Author |
Message
|
| MB Developer |
 Posted: Fri May 30, 2014 4:08 am Post subject: SSL An error occurred while processing X509 certificates |
 |
|
Disciple
Joined: 03 Feb 2014
Posts: 179
|
Hi Experts,
I am getting error when creating self signed certificate.
I created
1. KDB
2. certificate successfully
runmqckm -keydb -create -db C:\SSL\QM1\key.kdb -pw New1234 -type cms -stash
runmqckm -keydb -create -db C:\SSL\QM2\key.kdb -pw New1234 -type cms -stash
runmqckm -cert -create -db C:\SSL\QM1\key.kdb -pw New1234 -dn "CN=JOHN,O=IBM,CN=US" -label ibmwespheremqqm1
runmqckm -cert -create -db C:\SSL\QM2\key.kdb -pw New1234 -dn "CN=PETER,O=IBM,CN=UK" -label ibmwespheremqqm2
runmqckm -cert -extract -db C:\SSL\QM1\key.kdb -pw New1234 -label ibmwespheremqqm1 -target C:\SSL\QM1\QM1.cert -format ascii
runmqckm -cert -extract -db C:\SSL\QM2\key.kdb -pw New1234 -label ibmwespheremqqm2 -target C:\SSL\QM1\QM2.cert -format ascii
runmqckm -cert -extract -db C:\SSL\QM2\key.kdb -pw New1234 -label ibmwespheremqqm2 -target C:\SSL\QM2\QM2.cert -format ascii
runmqckm -cert -add -db C:\SSL\QM2\key.kdb -pw New1234 -label ibmwespheremqqm1 -file C:\SSL\QM1\QM1.cert -format ascii
runmqckm -cert -add -db C:\SSL\QM1\key.kdb -pw New1234 -label ibmwespheremqqm2 -file C:\SSL\QM2\QM2.cert -format ascii
but when extracted certificate then error will occurred i.e An error occurred while processing X509 certificates.
C:\Windows\system32>runmqckm -cert -extract -db C:\SSL\QM1\key.kdb -pw suresh -label ibmwebspheremqqm1 -target C:\SSL\QM1\QM1.cert -format ascii
5724-H72 (C) Copyright IBM Corp. 1994, 2009. ALL RIGHTS RESERVED.
An error occurred while processing X509 certificates.
Please kindly give any solution for this problem...
Thanks,
Suresh K
Last edited by MB Developer on Tue Feb 24, 2015 3:36 am; edited 1 time in total |
|
| Back to top |
|
 |
| hughson |
| Posted: Fri May 30, 2014 4:35 am Post subject: Re: SSL An error occurred while processing X509 certificates |
|
|
Padawan
Joined: 09 May 2013
Posts: 1948
Location: Bay of Plenty, New Zealand
|
| MB Developer wrote: |
runmqckm -cert -extract -db C:\SSL\QM1\key.kdb -pw suresh -label ibmwebspheremqqm1 -target C:\SSL\QM1\QM1.cert -format ascii
5724-H72 (C) Copyright IBM Corp. 1994, 2009. ALL RIGHTS RESERVED.
An error occurred while processing X509 certificates. |
Personally, I'd go the PMR route for this.
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| MB Developer |
| Posted: Fri May 30, 2014 8:15 pm Post subject: Re: SSL An error occurred while processing X509 certificates |
|
|
Disciple
Joined: 03 Feb 2014
Posts: 179
|
| MB Developer wrote: |
Hi Experts,
I am getting error when creating self signed certificate.
I created
1. KDB
2. certificate successfully
but when extracted certificate then error will occurred i.e An error occurred while processing X509 certificates.
C:\Windows\system32>runmqckm -cert -extract -db C:\SSL\QM1\key.kdb -pw suresh -label ibmwebspheremqqm1 -target C:\SSL\QM1\QM1.cert -format ascii
5724-H72 (C) Copyright IBM Corp. 1994, 2009. ALL RIGHTS RESERVED.
An error occurred while processing X509 certificates.
Please kindly give any solution for this problem...
Thanks,
Suresh K |
Please give the solution ..... for above problem |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri May 30, 2014 8:32 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9442
Location: US: west coast, almost. Otherwise, enroute.
|
As suggested, open a PMR with IBM Support.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| MB Developer |
| Posted: Fri May 30, 2014 8:39 pm Post subject: |
|
|
Disciple
Joined: 03 Feb 2014
Posts: 179
|
Hi hughson and bruce2359,
Thanks for responding but I don't know about PMR .
How to open PMR and what is the purpose of PMR ..
Thanks,
Suresh K |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri May 30, 2014 9:09 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9442
Location: US: west coast, almost. Otherwise, enroute.
|
Go to google. In the search box enter: how do I create a pmr with ibm.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| tczielke |
| Posted: Sat May 31, 2014 6:00 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
| MB Developer wrote: |
Hi hughson and bruce2359,
Thanks for responding but I don't know about PMR .
How to open PMR and what is the purpose of PMR ..
Thanks,
Suresh K |
You may want to contact the other members on your MQ team, as perhaps they handle opening PMRs (now called SRs or Service Requests) with IBM. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat May 31, 2014 6:37 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9442
Location: US: west coast, almost. Otherwise, enroute.
|
Go here: https://www-947.ibm.com/support/servicerequest/Home.action?category=2
Software support
The IBM Service Request (SR) application is used to open and update service requests (formerly called Problem Management Records or PMRs) online.
You can use SR to report problems on nearly all IBM supported software products.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| tczielke |
| Posted: Sat May 31, 2014 8:01 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
If Suresh does not have an IBM id, he will not be able to open a service request.
Suresh - If you are not an MQ administrator, I would recommend contacting your MQ administrator team, and they can evaluate if a SR/PMR is warranted and open one up, if needed. If you are an MQ administrator, perhaps you have a part of team (possibly in another geographical location) that handles PMRs. Either way, I would recommend working with the appropriate parties in your MQ administrator team. |
|
| Back to top |
|
|
| prasadm1983 |
| Posted: Wed Sep 17, 2014 3:18 am Post subject: have created self sign certificate before |
|
|
Newbie
Joined: 17 Sep 2014
Posts: 3
|
before extract if you dont create selfsign certificate it will throw this error.
C:\Software\QM1>runmqckm -cert -extract -db key_qm6.kdb -label ibmwebspheremqqm6
-target QM6.cert -format ascii
check your steps. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Wed Sep 17, 2014 4:33 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1237
Location: Gold Coast of Florida, USA
|
MB Developer,
What version of MQ are you using?
From your QmgrName I fear it is MQ V6 which is way EOS (not supported).
Second, I recommend you create a separate key store for an Internal CA. The Internal CA will have a self signed certificate (Extract the public certificate).
For all other entities, create Certificate Signing Requests (CSR) and have the Internal CA sign them. For each entity, have then add the Internal CA certificate (to trust it) and receive the signed CSR.
It is that simple. |
|
| Back to top |
|
|
|
|
