This might not be the only way to do it, and I'm sure others will jump in too, but one way to do it would be to combine the <private-file>.key
and <public-file>.crt
into a PKCS#12 file and then runmqakm
can import that.
openssl pkcs12 -export -out myCert.p12 -inkey <private-file>.key -in <public-file>.crt
This command will then prompt you for a password to lock up the PKCS#12 file. It is this password that is mentioned in the next command or you can omit it (hence the [ ] below) and it will prompt you for that too.
runmqakm -cert -import -file myCert.p12 [-pw <pkcs-password>] -type pkcs12 -target <db-name>.kdb -target_stashed
Hope that helps!
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website:
https://www.mqgem.com------------------------------
Original Message:
Sent: Tue April 05, 2022 04:49 PM
From: Jim Creasman
Subject: openssl and runmqakm
Hopefully a simple question (if there is such a thing). I have a public/private key pair that was generated with openssl, like this:
"openssl req -newkey -rsa:2048 -keyout <private-file>.key -x509 -days 365 -out <public-file>.crt -subj <sub>
".
I use the MQ runmqakm command to create an empty MQ key database:
"runmqakm -fips -keydb -create -db <db-name>.kdb -pw "<password>" -type cms -stash -empty
"
Can I also use the runmqakm to import the private key from openssl into the kdb DB? If so, what is the syntax for doing this?
Thanks
------------------------------
Jim Creasman
------------------------------