Renewing a certificate in MQ receives a CSQX686E error message.



Article ID: 188498


Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

After replacing a digital certificate in MQ, a CSQX686E error message is issued stating that the certificate has no private key or that the private key is not available. The message also says to ensure that the private key associated with the certificate in use is available.

How do you check if the private key is available?

And if it is not available, how do we make it available?

Also, if it is available, how do you get a new private key for the certificate?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

1. After replacing a digital certificate in MQ, a CSQX686E error message is issued stating that the certificate has no private key or that the private key is not available. The message also says to ensure that the private key associated with the certificate in use is available.
Answer:
The TSS ADD command to add the signed certificate and re-unite it with its private key was issued on the wrong system.

2. How do you check if the private key is available?
Answer:
The private key is present if a PRIVATE KEYSIZE is displayed when listing the certificate with the TSS LIST(xxxxx) DIGICERT(xxxxxx) command.

3. And if it is not available, how do we make it available?
Answer:
Issue TSS GENREQ for the certificate, send the request out to be signed, then add the signed certificate back to the security file on the right system and under the same owning ACID. Use a DIGICERT name and a LABLCERT name that do not currently exist, since duplicate names are not allowed in Top Secret.