Yes, it was a problem with upper / lower case ...
KEYRPWD(pass0rd) is different from KEYRPWD ('passw0rd') , thanks for pointing that, Morag.
Original Message:
Sent: Tue September 10, 2024 06:40 AM
From: Joao Ramires
Subject: KEYRPWD and INITKEY qmgr attributes
Hi Morag
yes, it can be the case, a lowercase password converted to upper (and the pw is "passw0rd"....) after some decades with MQ I forgot that detail ...
This week I don't have my test env available to verify, when back to it I'll try and post the result.
Thanks
------------------------------
Joao Ramires
Original Message:
Sent: Tue September 10, 2024 12:47 AM
From: Morag Hughson
Subject: KEYRPWD and INITKEY qmgr attributes
Hi Joao,
Is there any possibility that you have lower case letters in your password and that you forgot to quote the value in the KEYRPWD attribute when changing it using runmqsc?
The key used to encrypt the password is in the INITKEY attribute on the queue manager. I don't believe it is used by either MQ Explorer or runmqsc, but rather it is used by the queue manager when it stores the password supplied by either of those tools. I have not seen any suggestion that the INITKEY used by the queue manager bears any relation to the stash file technology used by runmqakm.
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Fri September 06, 2024 07:36 AM
From: Joao Ramires
Subject: KEYRPWD and INITKEY qmgr attributes
some results:
I using a CMS key.kdb with stashed password.
In this case I can delete stash file and change, with MQ Explorer, the qmgr atribute KEYRPWD to the stashed password (and I know the password) . The name in MQ Explorer for this atribute is "SSL Key repository password".
If I change qmgr KEYRPWD value from a runmqsc prompt the access to the key.kdb fails with invalid password:
"SSL key repository: password incorrect or, stash file absent or unusable."
I believe this happens because MQ Explorer default key to encrypt a stashed password is the same runmqckm uses. It makes some confusing, changing the KEYRPWD gives different results if MQ Explorer or runmqsc were used. I've to try MQ Console to see what happens.
------------------------------
Joao Ramires
Original Message:
Sent: Fri September 06, 2024 05:04 AM
From: Joao Ramires
Subject: KEYRPWD and INITKEY qmgr attributes
Hi Morag
Thanks for the links! After posting I found these other two:
https://community.ibm.com/community/user/integration/blogs/robert-parker1/2024/08/13/did-you-know-ibm-mq-supports-pkcs12-keystores
https://community.ibm.com/community/user/integration/blogs/neha-u-k/2024/06/21/introducing-to-cms-pkcs
I'm doing some tests with this new SSL setup
Regards
joao
------------------------------
Joao Ramires
Original Message:
Sent: Thu September 05, 2024 04:39 PM
From: Morag Hughson
Subject: KEYRPWD and INITKEY qmgr attributes
Hi Joao,
You can read about these attributes here: https://www.ibm.com/docs/en/ibm-mq/9.3?topic=wsalw-supplying-key-repository-password-queue-manager-aix-linux-windows
It is also mentioned in this Slideshare presentation: https://www.slideshare.net/RobertParker54/ibm-mq-whats-new-including-93-and-931#37
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Thu September 05, 2024 01:27 PM
From: Joao Ramires
Subject: KEYRPWD and INITKEY qmgr attributes
Hello all
Is there a presentation about the two new qmgr parameters?
Thanks
------------------------------
Joao Ramires
------------------------------