To verify that you are using the right password, check the content of the Tibco keystore. Use (acmq) as the alias for the Message Queue certificate added to the Message Queue keystore. This can be accomplished within 'services.msc' in Windows, or '/etc/init.d/ca-acrptmq stop' within *nix. Run the following command to encrypt the keystore file password: Navigate to CMInstallDir\MessageQueue\Tibco\ems\5.1\bin
Ssl_password = $man$JfSdO2iR-xkmDJa9yx7tMCd4G4sĬopy the PKCS#12 keystore created for the Message Queue to the /ENTMInstallDir/MessageQueue/Conf directory.
#TIBCO EMS WINDOWS PASSWORD#
Set the ssl_password token value to the mangled password generated above. Ssl_server_identity = "////opt////CA////AccessControlServer////MessageQueue/conf/acmq.p12" data]# cat nf | grep ssl_server_identity
#TIBCO EMS WINDOWS FULL#
Set the ssl_server_identity token value to the full pathname and file name of the PKCS#12 keystore. Navigate to CMInstallDIr\MessageQueue\tibco\cfgmgmt\ems\data bin]# cd /opt/CA/AccessControlServer/MessageQueue/conf/data
#TIBCO EMS WINDOWS SOFTWARE#
TIBCO Enterprise Message Service Administration Tool.Ĭopyright 2003-2009 by TIBCO Software Inc. bin]# cd /opt/CA/AccessControlServer/MessageQueue/tibco/ems/5.1/bin/tibemsd private]# openssl pkcs12 -export -in my_cert.crt -inkey private.key -out acmq.p12 -name "acmq" Subject=/C=country/ST=place/L=where/O=company/OU=Support/CN=host/ private]# openssl x509 -req -days 365 -in my_request.csr -signkey private.key -out my_cert.crt Please enter the following 'extra' attributes Organizational Unit Name (eg, section) :Ĭommon Name (eg, your name or your server's hostname) :
If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value,
What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated private]# openssl req -new -key private.key -out my_request.csr Generating RSA private key, 4096 bit long modulus private]# openssl genrsa -out private.key 4096 We need to create a PKCS #12 certificate, and below I have demonstrated how this can be accomplished on a *nix system (within Windows, it's the same syntax, only Windows requires OpenSSL.exe whereas *nix needs the OpenSSL package to be on the targeted machine). Open a command prompt as an Administrator, or root within an SSH session. This shows an example of creating our own self signed PKCS #12 certificate to replace the expired certificate that is used for the Tibco + SSL handshake.
0 kommentar(er)
