IBM Support

Alter the Friendly Name (Label) of pkcs12 certificates for importing into GSKit

Troubleshooting


Problem

How to alter the WebSphere MQ Friendly Name (Label) of pkcs12 certificates for importing into GSKit

Cause

Resolving The Problem

The following document describes the steps required to alter the friendly names (labels) that identify certificates in a PKCS12 key repository, so that you can import them into a Queue Manager key store with the friendly name in the correct format. On UNIX platforms, WebSphere MQ requires labels to start with 'ibmwebspheremq', and on z/OS the labels must start with 'ibmWebSphereMQ' (both case sensitive), for channels to run. However, GSKit iKeyman does not allow you to edit this label once the certificate is in the store, so you must ensure that it is in the correct format before importing it.

Using IBM KeyMan professional

The following information is provided as a helpful workaround and is provided AS-IS. If you encounter problems when using the following, contact the IBM WebSphere MQ support team. No guarantee is made as to the accuracy of the information contained within this document.

IBM KeyMan professional is a small Java™ application which can be used to (among other things) modify the label (friendly name) of a certificate in a key repository. The following describes the steps required to change the label of a certificate in a key repository using IBM KeyMan professional. First, download the application. It is provided with the WebSphere MQ Internet Pass-Through (IPT) SupportPac™, which can be obtained using the SupportPacs page or directly using this link:

It can also be found using IBM Alpha Works or directly using this link:

The following instructions assume that you are running IBM KeyMan on a Windows machine, although if required it can be run on other platforms (it is a Java application). Once downloaded, unzip the file; it uncompresses into a directory called KM\
  1. Edit the km.bat file so that the KMHOME environment variable points to the directory where the KM\ directory resides.
    (The default is C:\Program Files\IBM\BlueZ\KeyMan. If the zip file was unzipped into this directory then there is no need to change the 'km.bat' file.)
  2. Run the Windows batch file 'km.bat' to start IBM KeyMan.
  3. Load the PKCS12 file that contains the certificate(s) whose label you wish to modify by selecting the button on the right.
  4. Select 'Load from local resource' (assuming you are loading a file from a hard disk) and click the arrow to continue.
  5. Select 'Open a file...' and click the arrow to continue.
  6. Enter the path and file name (or 'Browse' for the certificate file) and click the arrow to continue.
  7. Enter the passphrase (password) of the PKCS12 file and click the tick icon.
  8. Your certificate should be displayed in a window with several icons above it.
  9. Double click the certificate to open a window with details on the certificate.
  10. Click the spanner icon in the bottom right hand corner of the box.
  11. The top of this will have a box containing the certificate label. Delete what is in there and type in the required label (Example: 'ibmwebspheremqqmgrnameinlowercase')
  12. Click the 'tick' to accept the changes and close the window. Click the tick on the 'Your Certificate' window to close that also.
  13. Back in the main window click File on the menu bar and click Save.
  14. Type in a new file name and click the tick. The file will be saved, ready to be imported into GSKit for use with WMQ.
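
A pre-import check for the label rule described above, as an added example that is not IBM code: it reads the text printed by `openssl pkcs12 -in FILE -clcerts -nokeys` and reports whether each friendlyName meets the platform's case-sensitive prefix. The function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not IBM code. Input on stdin is the text printed by
# `openssl pkcs12 -in FILE -clcerts -nokeys`.

# Required case-sensitive label prefix per platform, as stated on this page.
expected_prefix() {
    case $1 in
        unix) echo ibmwebspheremq ;;
        zos)  echo ibmWebSphereMQ ;;
        *)    return 2 ;;
    esac
}

# Extract every friendlyName value from openssl's "Bag Attributes" output.
list_labels() {
    sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*friendlyName:[[:space:]]*//p'
}

# audit_labels PLATFORM [QMGR]: returns 0 only if every label is acceptable.
# With QMGR on unix, the label must equal prefix + QMGR in lower case
# (the form of the example label in step 11).
audit_labels() {
    prefix=$(expected_prefix "$1") || return 2
    want=
    if [ "$1" = unix ] && [ -n "${2:-}" ]; then
        want=$prefix$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    fi
    labels=$(list_labels)
    [ -n "$labels" ] || { echo "no friendlyName found" >&2; return 1; }
    bad=0
    while IFS= read -r label; do
        verdict=OK
        case $label in "$prefix"*) ;; *) verdict=BAD ;; esac
        if [ -n "$want" ] && [ "$label" != "$want" ]; then verdict=BAD; fi
        [ "$verdict" = OK ] || bad=1
        echo "$verdict $label"
    done <<EOF
$labels
EOF
    return "$bad"
}

# Constructed sample openssl output (not from a real key store).
SAMPLE_UNIX='Bag Attributes
    friendlyName: ibmwebspheremqqm1
    localKeyID: 01 00 00 00
subject=CN = qm1.example.test'
SAMPLE_MIXED='Bag Attributes
    friendlyName: ibmWebSphereMQQM1
subject=CN = qm1.example.test'
```

Against the file saved in step 14 (the file name `new.p12` and queue manager name `QM1` are placeholders): `openssl pkcs12 -in new.p12 -clcerts -nokeys | audit_labels unix QM1`.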


Product Synonym

WebSphere MQ WMQ MQ

Document Information

Modified date:
15 June 2018

UID

swg21225160