MQ

  • 1.  openssl and runmqakm

    IBM Champion
    Posted Tue April 05, 2022 04:49 PM
    Hopefully a simple question (if there is such a thing).  I have a public/private key pair that was generated with openssl, like this:

    "openssl req -newkey rsa:2048 -keyout <private-file>.key -x509 -days 365 -out <public-file>.crt -subj <sub>".

    I use the MQ runmqakm command to create an empty MQ key database:

    "runmqakm -fips -keydb -create -db <db-name>.kdb -pw "<password>" -type cms -stash -empty"

    Can I also use the runmqakm to import the private key from openssl into the kdb DB?  If so, what is the syntax for doing this?

    Thanks

    ------------------------------
    Jim Creasman
    ------------------------------


  • 2.  RE: openssl and runmqakm

    IBM Champion
    Posted Tue April 05, 2022 05:59 PM
    Edited by Morag Hughson Tue April 05, 2022 06:25 PM

    This might not be the only way to do it, and I'm sure others will jump in too, but one way to do it would be to combine the <private-file>.key and <public-file>.crt into a PKCS#12 file and then runmqakm can import that.

    openssl pkcs12 -export -out myCert.p12 -inkey <private-file>.key -in <public-file>.crt

    This command will then prompt you for a password to lock up the PKCS#12 file. It is this password that is mentioned in the next command or you can omit it (hence the [ ] below) and it will prompt you for that too.

    runmqakm -cert -import -file myCert.p12 [-pw <pkcs-password>] -type pkcs12 -target <db-name>.kdb -target_stashed

    Hope that helps!

    Cheers,
    Morag



    ------------------------------
    Morag Hughson
    MQ Technical Education Specialist
    MQGem Software Limited
    Website: https://www.mqgem.com
    ------------------------------
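
The PKCS#12 step from the reply above, with checks worth running before the file goes to runmqakm. This is an added example, not part of either post; the function names and the P12_PASS environment variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. P12_PASS (exported by the caller) is an
# assumed variable holding the PKCS#12 password, so the password never appears
# on a command line or in the process list.

# key_matches_cert KEY CERT: succeed only if both files carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_p12 KEY CERT OUT: refuse a mismatched pair, then write OUT with
# owner-only permissions because it contains the private key.
make_p12() {
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:P12_PASS )
}

# p12_has_key_and_cert P12: the password opens the file (MAC check) and the
# bundle holds exactly one certificate and one private key.
p12_has_key_and_cert() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null || return 1
    certs=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
            grep -c 'BEGIN CERTIFICATE') || true
    keys=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
           grep -c 'BEGIN.*PRIVATE KEY') || true
    [ "$certs" = 1 ] && [ "$keys" = 1 ]
}

# Usage (file names are placeholders):
#   export P12_PASS
#   make_p12 private.key public.crt myCert.p12 && p12_has_key_and_cert myCert.p12
# Then run the runmqakm -cert -import command from the reply without -pw so it
# prompts for the password.
```

Once the import has succeeded, the .p12 file and the original .key file are extra copies of the private key outside the key database and should be removed or locked down.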