Discussion:
GSKCAPICMD_ERROR_FILE_OPEN trying to -receive signed cert into keystore
David Awerbuch (BLOOMBERG/ 120 PARK)
2014-06-13 16:51:20 UTC
Permalink
I requested a newly signed cert to replace an aging one by issuing:

$ gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq

Security group signed the certificate request and sent me back a ibmwebspheremqQMGR.cert file.

I am trying to receive the new cert using:

$ gsk7capicmd -cert -receive -db keystore.kdb -label ibmwebspheremqQMGR -file ibmwebspheremqQMGR.cert
Error: 211

Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.

Error id: GSKCAPICMD_ERROR_FILE_OPEN

How can I get more details here? Unless there is a more recent edition, the publication
http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SC22-5459-00#
GSKIT V8 GSKCapiCmd User's Guide, Edition 11 September 2012, doesn't help any. From Chapter 9:
211 There was an error associated with opening the file.

Facts:
1. WMQ Server Version 7.0.1.4
2. .cert file is mode 664, mqm:mqm
3. all keystore files are mqm:mqm 664 except .sth is 600

Appreciate any pointers here.

Thanks,
Dave




<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>

To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Tim Zielke
2014-06-13 17:19:11 UTC
Permalink
Hi David,

Not sure which Unix OS you are using, but the strace, truss, whatever equivalent command could be helpful here.

For example, if this was Linux you could do the following:

strace –f gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq 2>strace.out

This would tell you which file was trying to be opened that failed, and the underlying system call error that was returned on the open.

Thanks,
Tim

From: MQSeries List [mailto:***@LISTSERV.MEDUNIWIEN.AC.AT] On Behalf Of David Awerbuch (BLOOMBERG/ 120 PARK)
Sent: Friday, June 13, 2014 11:51 AM
To: ***@LISTSERV.MEDUNIWIEN.AC.AT
Subject: GSKCAPICMD_ERROR_FILE_OPEN trying to -receive signed cert into keystore

I requested a newly signed cert to replace an aging one by issuing:

$ gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq

Security group signed the certificate request and sent me back a ibmwebspheremqQMGR.cert file.

I am trying to receive the new cert using:

$ gsk7capicmd -cert -receive -db keystore.kdb -label ibmwebspheremqQMGR -file ibmwebspheremqQMGR.cert
Error: 211

Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.

Error id: GSKCAPICMD_ERROR_FILE_OPEN

How can I get more details here? Unless there is a more recent edition, the publication
http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SC22-5459-00#<http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SC22-5459-00>
GSKIT V8 GSKCapiCmd User's Guide, Edition 11 September 2012, doesn't help any. From Chapter 9:
211 There was an error associated with opening the file.

Facts:
1. WMQ Server Version 7.0.1.4
2. .cert file is mode 664, mqm:mqm
3. all keystore files are mqm:mqm 664 except .sth is 600

Appreciate any pointers here.

Thanks,
Dave





<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>

________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:***@LISTSERV.MEDUNIWIEN.AC.AT?subject=Unsubscribe&BODY=signoff%20mqseries>

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>

To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
David Awerbuch (BLOOMBERG/ 120 PARK)
2014-06-13 18:25:39 UTC
Permalink
Tim,

Thanks for the info. turns out the problem was with the .cert file. not knowing what else to do, I retype the entire command again, recutting and repasting file names along the way from the 'ls' outputs. sure enough, this time it worked - can't explain why.

Thanks again,
Dave


----- Original Message -----
From: ***@aon.com
To: David Awerbuch (BLOOMBERG/ 120 PARK), ***@LISTSERV.MEDUNIWIEN.AC.AT
At: Jun 13 2014 13:19:26



Hi David,

Not sure which Unix OS you are using, but the strace, truss, whatever equivalent command could be helpful here.

For example, if this was Linux you could do the following:

strace –f gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq 2>strace.out

This would tell you which file was trying to be opened that failed, and the underlying system call error that was returned on the open.

Thanks,
Tim


From: MQSeries List [mailto:***@LISTSERV.MEDUNIWIEN.AC.AT] On Behalf Of David Awerbuch (BLOOMBERG/ 120 PARK)
Sent: Friday, June 13, 2014 11:51 AM
To: ***@LISTSERV.MEDUNIWIEN.AC.AT
Subject: GSKCAPICMD_ERROR_FILE_OPEN trying to -receive signed cert into keystore


I requested a newly signed cert to replace an aging one by issuing:



$ gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq



Security group signed the certificate request and sent me back a ibmwebspheremqQMGR.cert file.



I am trying to receive the new cert using:



$ gsk7capicmd -cert -receive -db keystore.kdb -label ibmwebspheremqQMGR -file ibmwebspheremqQMGR.cert

Error: 211



Please refer to the GSKCapiCmd User's Guide

for the meaning of the error.



Error id: GSKCAPICMD_ERROR_FILE_OPEN



How can I get more details here? Unless there is a more recent edition, the publication

http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SC22-5459-00#

GSKIT V8 GSKCapiCmd User's Guide, Edition 11 September 2012, doesn't help any. From Chapter 9:

211 There was an error associated with opening the file.



Facts:

1. WMQ Server Version 7.0.1.4

2. .cert file is mode 664, mqm:mqm

3. all keystore files are mqm:mqm 664 except .sth is 600



Appreciate any pointers here.



Thanks,

Dave








<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>


List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com


<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>

To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Tim Zielke
2014-06-13 18:35:10 UTC
Permalink
I have run across similar issues where you paste a command from say a Windows document into the shell, and it looks fine to the eye, but some “hidden” characters have been inserted which cause the command to fail. For a sanity check, one option is to paste the command into a text file on the Unix system, and then cat the contents of the file to the od command (octal dump) to byte inspect the values.

cat text.file | od –c (for character display)
cat text.file | od –x (for hex display)

Thanks,
Tim


From: David Awerbuch (BLOOMBERG/ 120 PARK) [mailto:***@bloomberg.net]
Sent: Friday, June 13, 2014 1:26 PM
To: ***@LISTSERV.MEDUNIWIEN.AC.AT; Tim Zielke
Subject: RE: GSKCAPICMD_ERROR_FILE_OPEN trying to -receive signed cert into keystore

Tim,

Thanks for the info. turns out the problem was with the .cert file. not knowing what else to do, I retype the entire command again, recutting and repasting file names along the way from the 'ls' outputs. sure enough, this time it worked - can't explain why.

Thanks again,
Dave

----- Original Message -----
From: ***@aon.com<mailto:***@aon.com>
To: David Awerbuch (BLOOMBERG/ 120 PARK)<mailto:***@bloomberg.net>, ***@LISTSERV.MEDUNIWIEN.AC.AT<mailto:***@LISTSERV.MEDUNIWIEN.AC.AT>
At: Jun 13 2014 13:19:26
Hi David,

Not sure which Unix OS you are using, but the strace, truss, whatever equivalent command could be helpful here.

For example, if this was Linux you could do the following:

strace –f gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq 2>strace.out

This would tell you which file was trying to be opened that failed, and the underlying system call error that was returned on the open.

Thanks,
Tim

From: MQSeries List [mailto:***@LISTSERV.MEDUNIWIEN.AC.AT] On Behalf Of David Awerbuch (BLOOMBERG/ 120 PARK)
Sent: Friday, June 13, 2014 11:51 AM
To: ***@LISTSERV.MEDUNIWIEN.AC.AT<mailto:***@LISTSERV.MEDUNIWIEN.AC.AT>
Subject: GSKCAPICMD_ERROR_FILE_OPEN trying to -receive signed cert into keystore

I requested a newly signed cert to replace an aging one by issuing:

$ gsk7capicmd -certreq -recreate -db keystore.kdb -label ibmwebspheremqQMGR -target ibmwebspheremqQMGR.certreq

Security group signed the certificate request and sent me back a ibmwebspheremqQMGR.cert file.

I am trying to receive the new cert using:

$ gsk7capicmd -cert -receive -db keystore.kdb -label ibmwebspheremqQMGR -file ibmwebspheremqQMGR.cert
Error: 211

Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.

Error id: GSKCAPICMD_ERROR_FILE_OPEN

How can I get more details here? Unless there is a more recent edition, the publication
http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SC22-5459-00#<http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SC22-5459-00>
GSKIT V8 GSKCapiCmd User's Guide, Edition 11 September 2012, doesn't help any. From Chapter 9:
211 There was an error associated with opening the file.

Facts:
1. WMQ Server Version 7.0.1.4
2. .cert file is mode 664, mqm:mqm
3. all keystore files are mqm:mqm 664 except .sth is 600

Appreciate any pointers here.

Thanks,
Dave





<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>

________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:***@LISTSERV.MEDUNIWIEN.AC.AT?subject=Unsubscribe&BODY=signoff%20mqseries>

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>


<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>

To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html

Loading...