All,
Setting Put time is apparently a confusing thing - and I can relate to the
issues around allowing an app to do it. It seems that we get 3rd party
vendor apps in and we attempt to restrict the SET (or SETID - I can't
remember exactly which on as I am writing this e-mail) options on their
user ids, but then their app fails because they are trying to set the
date/time on the MQMD and we end up granting a little more access than we
would like. I think there is something in JMS that wants to do this - I
just can't remember the specifics.
Regardless, you can ignore my second item on this thread regarding the
importing of a .pfx file. I got that fixed and things are functioning
fine now. It was just an issue typing in the correct passwords at the
correct time during the import - I am slightly embarrassed now - again....
(-:
Thanks to all for the input - I tend to save off some of these discussions
for future reference.
Thanks,
David Corbett
Work: 612-973-7086
Pager: 612-280-6307
IBM Certified Solution Designer - WebSphere MQ V7.0
IBM Certified System Administrator - WebSphere MQ V7.0
From: Tim Zielke <tim.zielke-PR+tvw7B/***@public.gmane.org>
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Date: 06/15/2013 11:35 AM
Subject: Re: MQPUT Times question (and now time for an SSL
question)
Sent by: MQSeries List <MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org>
Thanks, Neil. I made those adjustments and now the PutTime that the
amqsput program is setting is getting preserved all the way to the message
on the local queue on QM2.
So if the application is not requesting to update the origin context of a
message (like PutTime) or is not authorized to perform this function, the
PutTime will be the first time that an MQ queue manager PUT the message to
a queue (i.e. XMITQ, SYSTEM.CLUSTER.TRANSMIT.QUEUE, etc.), regardless of
how many queue manager hops the message goes through to its final queue
destination.
If an authorized application requests to update the origin context of a
message (like PutTime), the PutTime could represent anything that
application is setting it to, perhaps the time right before the
application issued the PUT API.
I can see now why Peter said "You can never be 100% sure the put time in
the MQMD represents exactly when the message was actually put."
Tim
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf
Of Neil Casey
Sent: Friday, June 14, 2013 9:48 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: MQPUT Times question (and now time for an SSL question)
Hi Tim,
in order to set the PUTDATE (or other context fields) you have to
correctly set the MQPMO options value, and you have to have opened the
queue with the correct open options, and you have to be authorised.
See
http://pic.dhe.ibm.com/infocenter/wmqv7/v7r5/topic/com.ibm.mq.doc/fg12380_.htm
Regards,
Neil Casey.
On 15/06/2013, at 12:33 PM, Tim Zielke <tim.zielke-RzW+Fo++***@public.gmane.org> wrote:
Hi Peter,
I was curious about this, so I tried recreating your test and I am not
able to get the behavior you were seeing.
I have a QM1 (Linux 7.1.0.2) with a remote queue that aims at a local
queue on QM2 (Solaris 7.1.0.2).
I updated the amqsput program to change the md.PutTime to spaces before
doing the PUT. However, when I look at the message on the local queue on
QM2, it has been updated with a current PutTime. I tried changing the
md.PutTime to a bogus time, and again the message on the local queue on
QM2 has a current PutTime.
Maybe I am misunderstanding what you were saying.
Incidentally, I also did the test with the remote queue set up where I
froze the RVCR channel process on QM2 with a STOP signal, did a PUT to the
remote queue on QM1, and then unfroze the RCVR channel process on QM2 2
minutes later with a CONT signal. The message showed up on the local
queue on QM2 with a PutTime that was 2 minutes old. So just more
confirmation on what the experts have been saying on how this works (not
that I was doubting anybody :-) ).
Thanks,
Tim
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf
Of Potkay, Peter M (CTO Architecture + Engineering)
Sent: Friday, June 14, 2013 3:14 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: MQPUT Times question (and now time for an SSL question)
Dave,
I posted a reply that shows in my testing the original put time is carried
forward.
Suitably authorized (or unsuitably as the case may be) apps can set the
put time in the MQMD to whatever they want.
I set the put time to blanks on QM1 when I put to a remote queue that aims
at a local q on QM2. The message is sitting on QM2 with a blank put time.
This to me says the original put time value is carried during QM to QM
routing.
Don't forget there is a secondary MQMD with its own put time when a
message is sitting on an XMITQ
You can never be 100% sure the put time in the MQMD represents exactly
when the message was actually put.
Peter Potkay
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf
Of Dave Corbett
Sent: Friday, June 14, 2013 3:44 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: MQPUT Times question (and now time for an SSL question)
Listers,
First of all - I want to thank everyone for commenting on the PUT time
question I posed. I am actually surprised by the fact that the original
message date/time is not maintained, and yet I understand (sort of) why
that is.
Regardless,
How about another question for SSL experts. We ran into some issues with
gskit7 / gskit8, etc. The short issue is that we need to rebuild our
keystore on a 7.0.1.6 QMGR on Windows. (this is a test environment).
After rebuilding the keystore, we are attempting to import a .pfx file
(our internal PKI has generated the keys for our keystore). However,
every time I try to import it, I receive the following error:
H:\>gsk7capicmd -cert -import -db <.pfx file path>\<pfx file>
" -target "<keystore path>\<keystore name>.kdb"
A password is required to access this key database
Please enter a password: **************
Error: 2
Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.
Error id: GSKKM_ERR_ASN
Details: <<.pfx file path>\<pfx file>
I have taken the .cer and the .key file, and converted them into a .pfx
file with openssl. I have also tried the .pfx file that our PKI team
generated as part of their process
Nothing ever changes - I continually get this error - and when I try to
research it, all I find is some obscure link to something indicating that
there is a duplicate somewhere in my keystore, and yet all that is in the
keystore is the root certs created for the various CA's when we created
the keystore itself.
Has anyone else run into this error - and can explain what is happening?
Thanks,
David Corbett
Work: 612-973-7086
Pager: 612-280-6307
IBM Certified Solution Designer - WebSphere MQ V7.0
IBM Certified System Administrator - WebSphere MQ V7.0
From: "Potkay, Peter M (CTO Architecture + Engineering)" <
Peter.Potkay-***@public.gmane.org>
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Date: 06/12/2013 11:25 AM
Subject: Re: MQPUT Times question
Sent by: MQSeries List <MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org>
Suitably authorized (or unsuitably as the case may be) apps can set the
put time in the MQMD to whatever they want.
I set the put time to blanks on QM1 when I put to a remote queue that
aims at a local q on QM2. The message is sitting on QM2 with a blank put
time. This to me says the original put time value is carried during QM
to QM routing.
Don't forget there is a secondary MQMD with its own put time when a
message is sitting on an XMITQ
You can never be 100% sure the put time in the MQMD represents exactly
when the message was actually put.
Peter Potkay
-----Original Message-----
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On
Behalf Of Dominique Courtois
Sent: Wednesday, June 12, 2013 11:30 AM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: MQPUT Times question
Tim,
This is not a contradiction. The MQPUT, as far as WMQ is involved, is
actually executed on the server by the amqzlaa0 on behalf of the MCA on
behalf of the client application process and not on the client system
itself. So the PUTTIME must be the time of the MQPUT by the channel not
by the client process.
Regards
Dominique
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and, in the
message body (not the subject), write: SIGNOFF MQSERIES Instructions for
managing your mailing list subscription are provided in the Listserv
General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
************************************************************
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If you
are not the intended recipient, please notify the sender immediately by
return e-mail, delete this communication and destroy all copies.
************************************************************
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
U.S. BANCORP made the following annotations
---------------------------------------------------------------------
Electronic Privacy Notice. This e-mail, and any attachments, contains
information that is, or may be, covered by electronic communications
privacy laws, and is also confidential and proprietary in nature. If you
are not the intended recipient, please be advised that you are legally
prohibited from retaining, using, copying, distributing, or otherwise
disclosing this information in any manner. Instead, please reply to the
sender that you have received this communication in error, and then
immediately delete it. Thank you in advance for your cooperation.
---------------------------------------------------------------------
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
************************************************************
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If you
are not the intended recipient, please notify the sender immediately by
return e-mail, delete this communication and destroy all copies.
************************************************************
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
U.S. BANCORP made the following annotations
---------------------------------------------------------------------
Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
---------------------------------------------------------------------
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html