| Author | Message | 
		
		  | chaitralip | 
			  
				|  Posted: Wed Aug 08, 2007 9:18 pm    Post subject: SSL issue |   |  | 
		
		  | Novice
 
 
 Joined: 16 May 2007Posts: 24
 
 
 | 
			  
				| I am trying to use SSL on the MQ v6 on Win machine. 
 The steps that i followed is as follows
 
 1. Started the IBM Key Management.
 2. Created a key repository for the QMgr
 3. In the IE -> Tools -> Internet Options -> Contents -> Certificates
 4. In Personal Certificate Clicked on Import and then exported to the
 <MQdir>\Qmgrs\<QmgrName>\ssl\QmgrName.pfx
 5. On the IBM Key Management -> Personal Certificates -> Clicked on Import
 6. then selected PKCS12 and then gave the path where .pfx file is there
 7. Entered the password and clicked ok
 8. And then the error message pops up
 After I click OK i get the errors
 
 "The specified Database is corrupted"
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | jefflowrey | 
			  
				|  Posted: Thu Aug 09, 2007 3:27 am    Post subject: |   |  | 
		
		  | Grand Poobah
 
 
 Joined: 16 Oct 2002Posts: 19981
 
 
 | 
			  
				| You're trying to follow version 5.3 instructions when working with version 6. 
 I suggest you start with the MQ version 6 Security guide.
 _________________
 I am *not* the model of the modern major general.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | Michael Dag | 
			  
				|  Posted: Thu Aug 09, 2007 3:34 am    Post subject: Re: SSL issue |   |  | 
		
		  |  Jedi Knight
 
 
 Joined: 13 Jun 2002Posts: 2607
 Location: The Netherlands (Amsterdam)
 
 | 
			  
				| 
   
	| chaitralip wrote: |  
	| 7. Entered the password and clicked ok 8. And then the error message pops up
 After I click OK i get the errors
 
 "The specified Database is corrupted"
 |  
 did you really type the right password? I have seen this message many times when simply the password was not entered correctly...
 _________________
 Michael
 
 
   
 MQSystems Facebook page
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | phonis | 
			  
				|  Posted: Thu Aug 09, 2007 7:16 pm    Post subject: |   |  | 
		
		  |  Newbie
 
 
 Joined: 05 Apr 2007Posts: 5
 
 
 | 
			  
				| Hi chaitralip, 
 I did the following steps to enable the SSL.
 
 1. Create the key repository for QM using IBM Key Management.
 2. Import QM Private key to Windows through IE(remember to make the private key exportable).
 3. Open IBM Key Management and now I can see the QM private key in the System Tab. I exported the QM Private Key.
 4. Use IBM KeyMan to import that exported private key(from step 3) into personal certificates.
 ......
 
 The tricky part is use KeyMan to export the private key again, then import this exported key into personal certificates.
 
 Hope it helps.
 Phonis Ye
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | chaitralip | 
			  
				|  Posted: Fri Aug 10, 2007 7:37 pm    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 16 May 2007Posts: 24
 
 
 | 
			  
				| I have done the first 2 points...didnt get ur 3rd point 
 
   
	| phonis wrote: |  
	| 3. Open IBM Key Management and now I can see the QM private key in the System Tab. I exported the QM Private Key. ......
 
 The tricky part is use KeyMan to export the private key again, then import this exported key into personal certificates.
 
 Hope it helps.
 Phonis Ye
 |  
 Can you explain this in little more details. Thanks
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | phonis | 
			  
				|  Posted: Sun Aug 12, 2007 7:44 am    Post subject: |   |  | 
		
		  |  Newbie
 
 
 Joined: 05 Apr 2007Posts: 5
 
 
 | 
			  
				| For MQ 6, I was using ikeyman 7 to deal with the key database. 
 If you run ikeyman 7, drop down the key database content combobox, you can see four options: personal certificates; personal certificate requests; signer certificates and system certificates(new option, name may not exact correct recalled).
 
 You select "system certificates", then you will see those certificates imported through IE.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | chaitralip | 
			  
				|  Posted: Sun Aug 12, 2007 8:09 pm    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 16 May 2007Posts: 24
 
 
 | 
			  
				| Hi 
 If I run ikeyman7, in the drop down i see only 3 options: personal certificates; personal certificate requests; signer certificates.
 I dont see the fourth options.
 
 Can you please tell me if i have done the earlier steps right.
 
 Thanks
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | phonis | 
			  
				|  Posted: Mon Aug 13, 2007 6:28 pm    Post subject: |   |  | 
		
		  |  Newbie
 
 
 Joined: 05 Apr 2007Posts: 5
 
 
 | 
			  
				| Yes, you did the earlier step right. And for MQ5.3, that should be working. 
 I did the same thing as you did and got the same error message. After I explored and change to export the PK from IKeyman(but not from IE, step 3), problem solved.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | chaitralip | 
			  
				|  Posted: Mon Aug 13, 2007 7:06 pm    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 16 May 2007Posts: 24
 
 
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | phonis | 
			  
				|  Posted: Mon Aug 13, 2007 8:24 pm    Post subject: |   |  | 
		
		  |  Newbie
 
 
 Joined: 05 Apr 2007Posts: 5
 
 
 | 
			  
				| Right, that is what I mean the steps you did are ok to MQ5.3. But for MQ6, it doesn't work. |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | chaitralip | 
			  
				|  Posted: Mon Aug 13, 2007 8:25 pm    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 16 May 2007Posts: 24
 
 
 | 
			  
				| yes and as per you, I dont see the fourth option  |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | jefflowrey | 
			  
				|  Posted: Tue Aug 14, 2007 10:16 am    Post subject: |   |  | 
		
		  | Grand Poobah
 
 
 Joined: 16 Oct 2002Posts: 19981
 
 
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | phonis | 
			  
				|  Posted: Wed Aug 15, 2007 8:29 pm    Post subject: |   |  | 
		
		  |  Newbie
 
 
 Joined: 05 Apr 2007Posts: 5
 
 
 | 
			  
				| Hi Jefflowrey, actually when I did importing the p12 private key(without IE involved), I also got the error "the specified database is corrupted". 
 If you read through chaitralip's origin problem description, you know the problem was the same at: using ikeyman to import the private key.
 
 chaitralip, please let us know whether you got it resolved and how.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | chaitralip | 
			  
				|  Posted: Thu Aug 16, 2007 4:43 am    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 16 May 2007Posts: 24
 
 
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  |  |