I happened across Doug Munsinger’s post about refreshing WMQ SSL certificates. On the one hand, it’s good to know someone else out there is using SSL with WMQ. On the other hand, the certificate problem on Doug’s web site overshadows the content of the post itself.
Ironically, the post about SSL certificates (the entire site, in fact) is only available over HTTPS but when you try to go to dougmunsinger.com, the certificate presented is actually for damgoodespresso.com. This is exactly the kind of thing that you would expect with all talk of of the DNS exploits lately and you have to wonder if this is in fact a cache poisoning problem.
In order to read the post safely, I fired up a read-only image in a VMWare player, disabled scripting and configured an exception so the browser would ignore the certificate mismatch. By the time I got to the post itself, I had almost forgotten why I went there in the first place.
In the end, it turns out that Doug had some minor problems refreshing expired SSL certificates but ultimately got through it. The post reminds us to use REFRESH SECURITY TYPE(SSL) instead of the plain REFRESH SECURITY command as they do completely different things. Good advice for those of us who have been doing this long enough that we’ve stopped reading the manuals. Done that? You betcha. Now if Doug can only remember how to refresh the certificates under Apache…