MQ

Good morning, I need some help importing a certificate from Digicert, the file is in PEM format.
I have read the documentation, the first step is to create a new database.

Here is the command:

runmqckm -keydb -create -db key.kdb -pw <password> -stash

I haven't understood if I should use the command runmqakm -cert -import or runmqckm -cert -add to add the certificate.

Could you please help me?

hello,

runmqckm -cert -add must be used to add a certificate linked to a certification chain to a store, the certificate being in .crt, .pem, ... format.
This is typically the case for a CA certificate.

runmqakm -cert -import must be used to import a personal certificate, which contains a certificate and its private key in a file in pkcs12 (.pfx or .p12) format.

HTH, LMD.

Good morning, I need some help importing a certificate from Digicert, the file is in PEM format.
I have read the documentation, the first step is to create a new database.

Here is the command:

runmqckm -keydb -create -db key.kdb -pw <password> -stash

I haven't understood if I should use the command runmqakm -cert -import or runmqckm -cert -add to add the certificate.

Could you please help me?

I have read the documentation several times but I feel very confused, I have two files of my private-stage.key private-stage.pem certificate and mqm-stage.csr.

First I created the vault with the following command:

[mqm@ibm-mq-1a ssl]$ runmqakm -keydb -create -db key.kdb -pw PASSWORD -stash

I try to import the csr but I see this error:

[mqm@ibm-mq-1a ssl]$ runmqakm -cert -receive -file /home/mqm/mqm-stage.csr -db key.kdb
Source database password : 
CTGSK3026W The key file "/home/mqm/mqm-stage.csr" does not exist or cannot be read.
CTGSK2017W An invalid database file type was encountered.CTGSK3009W One or more certificates in the keystore could not be loaded.

The file does exist in the path.

What am I doing wrong?

hello,

runmqckm -cert -add must be used to add a certificate linked to a certification chain to a store, the certificate being in .crt, .pem, ... format.
This is typically the case for a CA certificate.

runmqakm -cert -import must be used to import a personal certificate, which contains a certificate and its private key in a file in pkcs12 (.pfx or .p12) format.

HTH, LMD.

Good morning, I need some help importing a certificate from Digicert, the file is in PEM format.
I have read the documentation, the first step is to create a new database.

Here is the command:

runmqckm -keydb -create -db key.kdb -pw <password> -stash

I haven't understood if I should use the command runmqakm -cert -import or runmqckm -cert -add to add the certificate.

Could you please help me?

If you have 2 pem files containing the key and the certificate and its signerchain, you first must use openssl to create a pks12 file where you set the key + certificates into 1 container. Make sure you assign a label to the certificate / key when using openssl.

then you can run

# the password for the the pkcs12 file gets prompted# the target_stashed avoids to enter the password for the kdb file# if you don't have a stash file yet, omit the -target_stashed param and get prompted for the passwordrunmqakm -cert -import -db store.p12 -dbtype pkcs12 -target mykdb.kdb -target_stashed

The corresponding openssl commands can be found browsing the web.

Hope it helps

I have read the documentation several times but I feel very confused, I have two files of my private-stage.key private-stage.pem certificate and mqm-stage.csr.

First I created the vault with the following command:

[mqm@ibm-mq-1a ssl]$ runmqakm -keydb -create -db key.kdb -pw PASSWORD -stash

I try to import the csr but I see this error:

[mqm@ibm-mq-1a ssl]$ runmqakm -cert -receive -file /home/mqm/mqm-stage.csr -db key.kdb
Source database password : 
CTGSK3026W The key file "/home/mqm/mqm-stage.csr" does not exist or cannot be read.
CTGSK2017W An invalid database file type was encountered.CTGSK3009W One or more certificates in the keystore could not be loaded.

The file does exist in the path.

What am I doing wrong?

hello,

runmqckm -cert -add must be used to add a certificate linked to a certification chain to a store, the certificate being in .crt, .pem, ... format.
This is typically the case for a CA certificate.

runmqakm -cert -import must be used to import a personal certificate, which contains a certificate and its private key in a file in pkcs12 (.pfx or .p12) format.

HTH, LMD.

Good morning, I need some help importing a certificate from Digicert, the file is in PEM format.
I have read the documentation, the first step is to create a new database.

Here is the command:

runmqckm -keydb -create -db key.kdb -pw <password> -stash

I haven't understood if I should use the command runmqakm -cert -import or runmqckm -cert -add to add the certificate.

Could you please help me?

What I'm doing wrong I don't understand???

[mqm@ibm-mq-1a ~]$ runmqckm -cert -import -file /home/mqm/archivo.p12 -pw PASSWORD -type p12 -target /var/mqm/qmgrs/KIUPNRS/ssl/key.kdb

The input file '/home/mqm/archivo.p12' could not be found.

Check the database path.

------------------------------
Emanuel Gonzalez

Original Message:
Sent: Fri February 09, 2024 05:40 AM
From: Francois Brandelik
Subject: Import pem file

If you have 2 pem files containing the key and the certificate and its signerchain, you first must use openssl to create a pks12 file where you set the key + certificates into 1 container. Make sure you assign a label to the certificate / key when using openssl.

then you can run

# the password for the the pkcs12 file gets prompted# the target_stashed avoids to enter the password for the kdb file# if you don't have a stash file yet, omit the -target_stashed param and get prompted for the passwordrunmqakm -cert -import -db store.p12 -dbtype pkcs12 -target mykdb.kdb -target_stashed

The corresponding openssl commands can be found browsing the web.

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Thu February 08, 2024 10:02 AM
From: Emanuel Gonzalez
Subject: Import pem file

I have read the documentation several times but I feel very confused, I have two files of my private-stage.key private-stage.pem certificate and mqm-stage.csr.

First I created the vault with the following command:

[mqm@ibm-mq-1a ssl]$ runmqakm -keydb -create -db key.kdb -pw PASSWORD -stash

I try to import the csr but I see this error:

[mqm@ibm-mq-1a ssl]$ runmqakm -cert -receive -file /home/mqm/mqm-stage.csr -db key.kdb
Source database password : 
CTGSK3026W The key file "/home/mqm/mqm-stage.csr" does not exist or cannot be read.
CTGSK2017W An invalid database file type was encountered.CTGSK3009W One or more certificates in the keystore could not be loaded.

The file does exist in the path.

What am I doing wrong?

------------------------------
Emanuel Gonzalez

Original Message:
Sent: Tue January 09, 2024 05:37 PM
From: Luc-Michel Demey
Subject: Import pem file

hello,

runmqckm -cert -add must be used to add a certificate linked to a certification chain to a store, the certificate being in .crt, .pem, ... format.
This is typically the case for a CA certificate.

runmqakm -cert -import must be used to import a personal certificate, which contains a certificate and its private key in a file in pkcs12 (.pfx or .p12) format.

HTH, LMD.

------------------------------
Luc-Michel Demey
DEMEY CONSULTING
lmd@demey-consulting.fr
#IBMChampion

Original Message:
Sent: Tue January 09, 2024 02:55 PM
From: Emanuel Gonzalez
Subject: Import pem file

Good morning, I need some help importing a certificate from Digicert, the file is in PEM format.
I have read the documentation, the first step is to create a new database.

Here is the command:

runmqckm -keydb -create -db key.kdb -pw <password> -stash

I haven't understood if I should use the command runmqakm -cert -import or runmqckm -cert -add to add the certificate.

Could you please help me?

------------------------------
Emanuel Gonzalez
------------------------------