
I have created a kdb file in my IBM MQ (docker) using the command below:

```
runmqakm -keydb -create -db key.kdb -stash -pw password -type cms
```

And I've created a self-signed cert by:

```
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -subj "$prefix/CN=ca" -out ca.crt
openssl pkcs12 -export -out ca.pfx -in ca.crt -nokeys
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12 -name myca -CAfile ca.crt -passin pass:mypass -passout pass:mypass
```

Now I want to add my own ca.crt to the kdb as a personal cert. I mean something like below:

```
runmqakm -cert -list -db key.kdb -stashed
Certificates found
* default, - personal, ! trusted, # secret key
-   CAlabel
```

I've tried these commands:

```
runmqckm -cert -import -file ca.pfx -pw mypass -type pkcs12 -target filename -target_pw password -target_type cms -label CAlabel

runmqckm -cert -import -file ca.p12 -pw mypass -type pkcs12 -target filename -target_pw password -target_type cms -label CAlabel
```

But I keep facing this error (logged in as root in docker: `docker exec -it -u 0 containerid sh`):

```
The database doesn't contain an entry with label 'CAlabel'.

Check the label and try again.
```

And also (logged in normally in docker: `docker exec -ti containerid /bin/bash`):

```
Dec 19, 2021 7:48:57 AM java.util.prefs.FileSystemPreferences$1 run
WARNING: Couldn't create user preferences directory. User preferences are unusable.
Dec 19, 2021 7:48:57 AM java.util.prefs.FileSystemPreferences$1 run
WARNING: java.io.IOException: No such file or directory

The input file '/mnt/mqm/data/qmgrs/QM1/ssl/ca.pfx' could not be found.

Check the database path.
```

Does anyone have any suggestions for how I can solve this problem?

JoshMc
b0w92
  • For the FileSystemPreferences warning - can you try the suggestion here - https://stackoverflow.com/questions/23960451/java-system-preferences-under-different-users-in-linux? – Shashi Dec 19 '21 at 12:32
  • Try runmqckm instead, it doesn't require java and runs faster. This command may work: `runmqakm -cert -import -file ca.p12 -pw mypass -type pkcs12 -target key.kdb -target_pw password -target_type cms` – JoshMc Dec 19 '21 at 12:33
  • This will import all certs contained in the p12 file. – JoshMc Dec 19 '21 at 12:36
  • Dear @JoshMc, Thanks so much. It worked. It also worked with this command: ```runmqakm -cert -import -file ca.p12 -type pkcs12 -target key.kdb -target_stashed``` [using this link](https://www.ibm.com/support/pages/node/6337165) – b0w92 Dec 20 '21 at 04:27
  • I wrote up a quick answer and incorporated the target_stashed option. Please accept if it was helpful. – JoshMc Dec 20 '21 at 14:59

1 Answer

This command will import all certs contained in the p12 file to the kdb.

```
runmqakm -cert -import -file ca.p12 -pw mypass -type pkcs12 -target key.kdb -target_stashed -target_type cms
```
JoshMc
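
A pre-import check for the files discussed above, as an added example that is not part of the original question or answer: the question's `ca.pfx` was exported with `-nokeys`, so it carries no private key, while `ca.p12` does, and a personal certificate needs its key. The function names `p12_kind` and `make_samples`, the temp directory, the `/CN=ca` subject and the `-passout` on the `ca.pfx` export are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a PKCS#12 file before importing it into key.kdb.
# Only bag metadata is read (-info -noout); no key material is printed.

# p12_kind FILE PASSWORD -> prints has-key | cert-only | unreadable
p12_kind() {
    info=$(openssl pkcs12 -info -noout -in "$1" -passin "pass:$2" 2>&1) || {
        echo unreadable   # wrong password, missing file, or not PKCS#12
        return 0
    }
    case $info in
        *"Keybag"*|*"Key bag"*) echo has-key ;;    # a private key bag is present
        *)                      echo cert-only ;;  # certificates only
    esac
}

# Constructed sample input: rebuild the question's two files in a temp dir.
# Subject and passwords are sample values, not real credentials.
make_samples() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/ca.key" 2048 >/dev/null 2>&1
    openssl req -new -x509 -key "$dir/ca.key" -subj "/CN=ca" \
        -out "$dir/ca.crt" >/dev/null 2>&1
    # Like the question's ca.pfx: -nokeys leaves the private key out.
    openssl pkcs12 -export -nokeys -in "$dir/ca.crt" -out "$dir/ca.pfx" \
        -passout pass:mypass >/dev/null 2>&1
    # Like the question's ca.p12: certificate plus private key.
    openssl pkcs12 -export -in "$dir/ca.crt" -inkey "$dir/ca.key" -name myca \
        -out "$dir/ca.p12" -passout pass:mypass >/dev/null 2>&1
    echo "$dir"
}

sample_dir=$(make_samples)
for f in ca.pfx ca.p12; do
    printf '%s: %s\n' "$f" "$(p12_kind "$sample_dir/$f" mypass)"
done
```

The sample directory holds a throwaway private key; delete it after the run.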