AMQ9660E: SSL key repository: password stash file absent or unusable.



The SSL key repository cannot be used because MQ cannot obtain a password to access it. Reasons giving rise to this error include:

(a) the key database file and password stash file are not present in the location configured for the key repository,
(b) the key database file exists in the correct place but that no password stash file has been created for it,
(c) the files are present in the correct place but the userid under which MQ is running does not have permission to read them,
(d) one or both of the files are corrupt. The channel is ‘????’; in some cases its name cannot be determined and so is shown as ‘????’. The channel did not start.


Ensure that the key repository variable is set to where the key database file is. Ensure that a password stash file has been associated with the key database file in the same directory, and that the userid under which MQ is running has read access to both files. If both are already present and readable in the correct place, delete and recreate them. Restart the channel.

Colin’s actions

Use the following commands to check the keystore. You will need to provide your own keystore location.

I used export MQSSLKEYR=/home/colinpaice/mq/clientKeystore to define the keystore to my client. Note this is clientKeystore without the .kdb.

Check it can be read

runmqakm -cert -list all -db /home/colinpaice/mq/clientKeystore.kdb  -type cms -stashed

Check the mqm userid can process it

sudo -u mqm runmqakm -cert -list all -db /home/colinpaice/mq/clientKeystore.kdb  -type cms -stashed

Commands to give mqm access

chown :mqm clientKeystore.*
chmod g+rclientKeystore.*