David Awerbuch (BLOOMBERG/ 120 PARK)
2014-07-10 18:58:34 UTC
hi all,
This is befuddling me a bit, hoping I can get some clarification and perhaps a bonk on the head telling me what I am doing wrong.
I need to renew a certicate for a WMQ Client ... It seems straight forward enough ...
1. gsk7capicmd -certreq -recreate -db xxx.kdb -label ibmwebspheremqusername -target ibmwebspheremqusername.certreq
done
2. send ibmwebspheremqusername.certreq file to CA for signing
3. get back the signed certificate file ibmwebspheremqusername.cert.pem.txt
4. gsk7capicmd -cert -receive -db xxx.kdb -file ibmwebspheremqusername.cert.pem.txt -format ascii
Error: 108
Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.
Error id: GSKKM_ERR_REQKEY_FOR_CERT_NULL
Details: certreq
5. gsk7capicmd -certreq -list -db xxx.kdb
No certificate requests were found.
The keystore contains the expiring certificate, as well as all the default certificates from when the keystore was created.
So two questions:
1. why doesn't the signing recreate request not show up as a certreq?
2. Am I doing this correctly at all?
This is the first time I am renewing a client certificate, previously I have done server certs the same way without any problems.
MQver 7.0.1.4
gsk7 version 7.0.4.29
Thanks
Dave
<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>
To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
This is befuddling me a bit, hoping I can get some clarification and perhaps a bonk on the head telling me what I am doing wrong.
I need to renew a certicate for a WMQ Client ... It seems straight forward enough ...
1. gsk7capicmd -certreq -recreate -db xxx.kdb -label ibmwebspheremqusername -target ibmwebspheremqusername.certreq
done
2. send ibmwebspheremqusername.certreq file to CA for signing
3. get back the signed certificate file ibmwebspheremqusername.cert.pem.txt
4. gsk7capicmd -cert -receive -db xxx.kdb -file ibmwebspheremqusername.cert.pem.txt -format ascii
Error: 108
Please refer to the GSKCapiCmd User's Guide
for the meaning of the error.
Error id: GSKKM_ERR_REQKEY_FOR_CERT_NULL
Details: certreq
5. gsk7capicmd -certreq -list -db xxx.kdb
No certificate requests were found.
The keystore contains the expiring certificate, as well as all the default certificates from when the keystore was created.
So two questions:
1. why doesn't the signing recreate request not show up as a certreq?
2. Am I doing this correctly at all?
This is the first time I am renewing a client certificate, previously I have done server certs the same way without any problems.
MQver 7.0.1.4
gsk7 version 7.0.4.29
Thanks
Dave
<< "Once the game is over, the king and the pawn go back into the same box." - Anon >>
To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html