Troubleshooting
Problem
How to alter the WebSphere MQ Friendly Name (Label) of pkcs12 certificates for importing into GSKit
Cause
Resolving The Problem
The following document describes the steps required for altering the friendly names or labels that identify certificates in a PKCS12 key repository so that you can import them into a Queue Manager key store with the friendly name in the correct format. On UNIX platforms, WebSphere MQ requires labels to start with 'ibmwebspheremq' and on z/OS the labels must start with 'ibmWebSphereMQ' (both case sensitive) for channels to run. However, as GSKit iKeyman does not allow you to edit this label once the certificate is in the store therefore you must ensure that it is in the correct format before importing it.
Using IBM KeyMan professional
The following information is provided as a helpful workaround and is provided AS-IS. If you encounter problems when using the following, contact the IBM WebSphere MQ support team. No guarantee is made as to the accuracy of the information contained within this document.IBM KeyMan professional is a small Java™ application which can be used to (among other things) modify the label (friendly name) of a certificate in a key repository. The following describes the steps required to change the label of a certificate in a key repository using IBM KeyMan professional. Firstly you should download the application. It is provided with the WebSphere MQ Internet Pass-Through (IPT) SupportPac™, which can be obtained using the SupportPacs page or directly this link:
It can also be found using IBM Alpha Works or directly using this link: The following instructions assume that you are running IBM KeyMan on a Windows machine, although if required it can be run on other platforms (it is a Java application). Once downloaded unzip the file and you should find it uncompresses into a directory called KM\- Edit the km.bat file such that the KMHOME environment variable points
to the directory where the KM\ directory reside.
(The default is C:\Program Files\IBM\BlueZ\KeyMan. If the zip file was unzipped into this directory then there is no need to change the 'km.bat' file.) - Run the Windows batch file '
km.bat
' to start IBM KeyMan. - Load the PKCS12 file that contains the certificate(s) which you wish to modify the label of by selecting the button on the right.
- Select 'Load from local resource' (assuming you are loading a file from a hard disk) and click the arrow to continue.
- Select 'Open a file...' and click the arrow to continue.
- Enter the path and file name (or 'Browse' for the certificate file) and click the arrow to continue.
- Enter the passphrase (password) of the PKCS12 file and click the tick icon.
- Your certificate should be displayed in a window with several icons above it.
- Double click the certificate to open a windows with details on the certificate.
- Click the spanner icon in the bottom right hand corner of the box
- The top of this will have a box containing the certificate label. Delete what is in there and type in the required label (Example: 'ibmwebspheremqqmgrnameinlowercase')
- Click the 'tick' to accept the changes and close the window. Click the tick on the 'Your Certificate' window to close that also.
- Back in the main window click
File
on the menu bar and clickSave
. - Type in a new file name and click the tick. The file will be saved, ready to be imported into GSkit for use with WMQ.
Product Synonym
WebSphere MQ WMQ MQ
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21225160