MQ

 View Only

 MQ Container 9.4.1.0-rq fails with: Failed to add to known certificates for CMS Keystore

Andres Colodrero's profile image
Andres Colodrero posted Tue November 26, 2024 09:53 AM

Hi,

On my dev environment i was running and then i upgrade the operator to 9.4.1.0-r1.

The first pod is trying to start and i get this error:

2024-11-26T13:47:41.810Z Failed to add to known certificates for CMS Keystore

is there any changes on version 9.4.1? i have been running MQ for a long  time with my certificates.

The other 2 pods are still running and i can use MQ version 9.4.0.6.

This is causing me the situation of i cant rollback to version 9.4.0.6 (good to know on dev environment, so im a bit aware of taking a backup before).

Arthur Barr's profile image
Arthur Barr posted Wed November 27, 2024 05:41 AM

Yes, there was a change to the certificate handling in the 9.4.1 container.  It is possible for a single ".crt" file to contain multiple PEM blocks, each containing a different intermediate certificate.  Previously, only the first PEM block in a single file was processed, so that you had to use multiple ".crt" files for certificates with intermediate parts.  So this could potentially cause a problem if your ".crt" file has multiple blocks, but there's something wrong with one of the blocks.

I suggest it might be worth raising an IBM Support case if you need further help investigating.