bhaski (Voyager | Joined: 13 Sep 2006 | Posts: 78 | Location: USA)
Posted: Tue May 27, 2014 8:49 am    Post subject: pfx configuration

Hi Friend

I am using a pfx file. I imported the pfx into cacerts and tried to run, and I am getting:

javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
	java.security.cert.CertPathValidatorException:

If I use the pfx directly in SOAPUI, it works, but if I use a p12 or cacerts file after importing the pfx using keytool, it throws the above error.

How can I use a pfx in IIB 9.0 other than by importing it into cacerts? I imported all the certificates available in the pfx (verified after converting them to pem using openssl).

I ran

mqsisetdbparms broker_name -n brokerTruststore::password -u ignore -p truststore_pass

mqsisetdbparms broker_name -n brokerKeystore::password -u ignore -p keystore_pass

and

mqsichangeproperties IB9NODE -b httplistener -o HTTPSConnector -n keystoreFile -v C:\IBM\MQSI\9.0.0.0\jre17\lib\security\cacerts

mqsichangeproperties IB9NODE -b httplistener -o HTTPSConnector -n truststoreFile -v C:\IBM\MQSI\9.0.0.0\jre17\lib\security\cacerts

and

mqsichangeproperties IB9NODE -b httplistener -o HTTPSConnector -n keystorePass -v changeit

mqsichangeproperties IB9NODE -b httplistener -o HTTPSConnector -n truststorePass -v changeit

Need your help with IIB 9.0. Previously I used other certificates with 7.x and 8 and did not have any problem. This is my first time using IBM 9.0. Need your help/input.
_________________
Thanks and Regards
Bhaski
Websphere MQ Admin Certified
Websphere WMB Admin certified

bhaski (Voyager | Joined: 13 Sep 2006 | Posts: 78 | Location: USA)
Posted: Wed May 28, 2014 11:35 am    Post subject:

Friend.. No one is ready to answer? Please
_________________
Thanks and Regards
Bhaski
Websphere MQ Admin Certified
Websphere WMB Admin certified

fjb_saper (Grand High Poobah | Joined: 18 Nov 2003 | Posts: 20768 | Location: LI,NY)
Posted: Wed May 28, 2014 12:49 pm    Post subject:

From your post you seem to have a poor knowledge of how SSL works.
Google it some and try to understand what you read.

Then make sure you grasp the difference between a keystore and a truststore. Know that in the IBM default set up both are located in a single file... but they don't have to...

And by the way, if you have a pfx store, try converting the store and not extracting keys and certs...

Have fun
_________________
MQ & Broker admin

bhaski (Voyager | Joined: 13 Sep 2006 | Posts: 78 | Location: USA)
Posted: Wed May 28, 2014 5:04 pm    Post subject:

Thank you fjb_saper.. I got frustrated and did configure on both the stores. But "Don't import" is a new message which I was not aware of. I will do a test tomorrow and update here.
_________________
Thanks and Regards
Bhaski
Websphere MQ Admin Certified
Websphere WMB Admin certified

mgk (Padawan | Joined: 31 Jul 2003 | Posts: 1647)
Posted: Thu May 29, 2014 1:00 am    Post subject:

You should be able to use "pfx" files directly, but you have to set the "keyStoreType / trustStoreType" to "pkcs12".

Kind regards,
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

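The two suggestions in the replies above (convert the whole store instead of extracting certificates, and read the pfx as store type PKCS12) can be checked with keytool. This is an added example, not code from any poster in the thread. It is written for a POSIX shell, and the alias, file names, CN and password are constructed throwaway values. A store that has to present a certificate needs a PrivateKeyEntry, while a trustedCertEntry can only act as a trust anchor.

```shell
#!/bin/sh
# Added example: all file names, the alias and the password are constructed throwaway values.
PASS=changeit

# Create a throwaway PKCS12 (.pfx) store holding a private key and a self-signed certificate.
make_pfx() {
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=demo.example.test" -storetype PKCS12 \
        -keystore "$1" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}

# Convert the store as a whole: the private key moves together with its certificate.
convert_store() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$PASS" \
        -destkeystore "$2" -deststoretype JKS -deststorepass "$PASS" >/dev/null 2>&1
}

# Extract only the certificate and import it: this yields a trust entry without a key.
import_cert_only() {
    keytool -exportcert -rfc -alias demo -keystore "$1" -storetype PKCS12 \
        -storepass "$PASS" -file "$2.pem" >/dev/null 2>&1 &&
    keytool -importcert -noprompt -alias demo -file "$2.pem" \
        -keystore "$2" -storetype JKS -storepass "$PASS" >/dev/null 2>&1
}

# Print the first entry type keytool lists: PrivateKeyEntry or trustedCertEntry.
entry_type() {   # $1 = store file, $2 = store type
    keytool -list -keystore "$1" -storetype "$2" -storepass "$PASS" 2>/dev/null |
        grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

main() {
    dir=$(mktemp -d) || return 1
    make_pfx "$dir/demo.pfx"
    convert_store "$dir/demo.pfx" "$dir/converted.jks"
    import_cert_only "$dir/demo.pfx" "$dir/certonly.jks"
    echo "pfx read as PKCS12 : $(entry_type "$dir/demo.pfx" PKCS12)"
    echo "converted store    : $(entry_type "$dir/converted.jks" JKS)"
    echo "cert-only import   : $(entry_type "$dir/certonly.jks" JKS)"
    rm -rf "$dir"
}

# Run the demonstration only where a JDK/JRE keytool is on the PATH.
if command -v keytool >/dev/null 2>&1; then main; fi
```

The keytool invocations are the same in a Windows command console; only the temporary-directory handling is shell-specific.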