| Author |
Message |
 Topic: Installing MQSeriesKeyman on linux |
ribs2609
Replies: 7
Views: 11113
|
 Forum: IBM MQ Security Posted: Thu Sep 15, 2016 1:54 am Subject: Installing MQSeriesKeyman on linux |
| How do I go about installing gskit, please? |
| Topic: Installing MQSeriesKeyman on linux |
ribs2609
Replies: 7
Views: 11113
|
Forum: IBM MQ Security Posted: Thu Sep 15, 2016 1:46 am Subject: Installing MQSeriesKeyman on linux |
Hi,
MQ version: v7.5.0.4
Packages installed:
rpm -qa | grep -i mq | sort
MQSeriesJava-7.5.0-1.x86_64
MQSeriesJava-U200491-7.5.0-4.x86_64
MQSeriesMan-7.5.0-1.x86_64
MQSeriesMan-U200491-7.5. ... |
| Topic: Installing MQSeriesKeyman on linux |
ribs2609
Replies: 7
Views: 11113
|
Forum: IBM MQ Security Posted: Thu Sep 15, 2016 1:24 am Subject: Installing MQSeriesKeyman on linux |
Hi,
I'm trying to configure SSL on Qmgr running on linux.
But to create certificates, I dont see the gsk7cmd under /opt/mqm.
Also, dont see /opt/mqm/ssl directory to set JAVA_PATH.
Will it be ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Wed Sep 14, 2016 6:30 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Also, is there a restriction to the certificate label name in mainframe?
The usual ones i have come across are in this format ibmWebSphereMQQMGRNAME.
Not sure if it has to be in this format, pleas ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Wed Sep 14, 2016 6:10 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Well, windows will be at 7.5 by next week.
One query before that, I have QMGR's with in windows server using TLS 128 bit encryption on SDR- RCVR and SVRCONN channels and working.
From the same win ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Wed Sep 14, 2016 6:01 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
okay...so the latest observation is that, the channel does come up with ciphers that has 56 bit or less encryption.
So it works with, TLS_RSA_WITH_DES_CBC_SHA, NULL_MD5, NULL_SHA, DES_SHA_EXPORT.
... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Wed Sep 14, 2016 5:13 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Output of list keyring from mainframe: It now only has the windows qmgr (QM3) cert which is created with 2048 size.
Am trying to put in all the info, so that any of it rings any bells.
RACDC ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Wed Sep 14, 2016 4:23 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
>> Deleted the mainframe Qmgr's certificate from the key ring
>> Now the keyring only has the windows Qmgrs certificate
>> Still the SDR channel fail with invalid cipher error
> ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Tue Sep 13, 2016 3:47 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Thanks again.
>> Will try the test, after deleting the mainframe certificate from KeyRing
>> Yes, we are looking at key size of 4096. But the maximum key size supported by runmqckm shi ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Tue Sep 13, 2016 1:23 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Another thought:
The SDR channel is on mainframe and RCVR at Windows side.
SSLAUTH is set to 'optional' at RCVR end.
And so only the windows QMGR's certificate is copied to mainframe QMGR's key ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Tue Sep 13, 2016 1:18 am Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Yes, that's a useful info.
Just did a google for the default keysize used by RACDCERT command and its 1024 and hence TLS not working.
But I have tried other ciphers like NULL_MD5, SHA, TRIPLE_DES_ ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Mon Sep 12, 2016 11:22 pm Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Hi Jedi,
Thanks for suggesting the CODE thingy.
1) Are there no fixpacked applied to the Mainframe MQ?
I will have to check with mainframe admin for any fixpack, will get back.
Will that have ... |
| Topic: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
ribs2609
Replies: 15
Views: 17038
|
Forum: IBM MQ Security Posted: Mon Sep 12, 2016 10:08 pm Subject: SSL b/w SDR - RCVR channel on mainframe and windows qmgr |
Hi Team,
Am trying to enable SSL between SDR - RCVR channels on Mainframe and Windows Qmgr and hit an invalid cipher error. All the c ... |
