I have created a kdb file in my IBMMQ (docker) using below command:
runmqakm -keydb -create -db key.kdb -stash -pw password -type cms
And I've created a self-signed cert by:
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -subj "$prefix/CN=ca" -out ca.crt
openssl pkcs12 -export -out ca.pfx -in ca.crt -nokeys
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12 -name myca -CAfile ca.crt -passin pass:mypass -passout pass:mypass
Now I want to add my own ca.crt to kdb as personal cert, I mean something like below:
runmqakm -cert -list -db key.kdb -stashed
Certificates found
* default, - personal, ! trusted, # secret key
- CAlabel
I've tried this commands:
runmqckm -cert -import -file ca.pfx -pw mypass -type pkcs12 -target filename -target_pw password -target_type cms -label CAlabel
runmqckm -cert -import -file ca.p12 -pw mypass -type pkcs12 -target filename -target_pw password -target_type cms -label CAlabel
But keep facing this error (login as root in docker:docker exec -it -u 0 containerid sh):
The database doesn't contain an entry with label 'CAlabel'.
Check the label and try again.
And also (login normally in docker :docker exec -ti containerid /bin/bash)
Dec 19, 2021 7:48:57 AM java.util.prefs.FileSystemPreferences$1 run
WARNING: Couldn't create user preferences directory. User preferences are unusable.
Dec 19, 2021 7:48:57 AM java.util.prefs.FileSystemPreferences$1 run
List item
WARNING: java.io.IOException: No such file or directory
The input file '/mnt/mqm/data/qmgrs/QM1/ssl/ca.pfx' could not be found.
Check the database path.
Does anyone have any suggestion that how can I solve this problem?
CodePudding user response:
This command will import all certs contained in the p12 file to the kdb.
runmqcakm -cert -import -file ca.p12 -pw mypass -type pkcs12 -target key.kdb -target_stashed -target_type cms