coolcurls |
Posted: Fri Aug 03, 2007 2:24 pm Post subject: CCDT and SSL |
|
|
Novice
Joined: 03 Aug 2007 Posts: 15
|
Hello Everyone,
I am using a Java MQ client sitting on my local machine to connect to a remote Queue Manager (on AIX). I have created the Client Channel Definition, copied the AMQCLCHL.TAB onto my system, and followed the steps here:
http://www.ibm.com/developerworks/websphere/library/techarticles/0506_barrago/0506_barrago.html
I have to enable SSL on the remote QManager.
I have set all the properties required.
When I don't use the CCDT to connect to the Queue Manager, using the constructor below
Hashtable props = new Hashtable();
props.put(MQC.CHANNEL_PROPERTY, "TEST.CLIENT.CHL");
props.put(MQC.HOST_NAME_PROPERTY, "hostname");
props.put(MQC.PORT_PROPERTY, new Integer(1414));
MQQueueManager qmgr = new MQQueueManager(qmgrName, props);
SSL works fine. It connects to the QMgr only when the MQC.SSL_CIPHER_SUITE_PROPERTY and MQC.SSL_SOCKET_FACTORY_PROPERTY have been set appropriately.
But when I use the CCDT to connect to the Queue Manager, using the constructor below
MQQueueManager qmgr = new MQQueueManager(qmgrName, props, channelTable);
SSL doesn't seem to be in the picture. The Java client connects to the Queue Manager irrespective of the SSL properties set in the program.
Am I doing something wrong here? Thanks in advance. |
|
Michael Dag |
Posted: Sat Aug 04, 2007 12:33 am Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
Did you alter the SSL cipherspec on the CLNTCONN channel on the AIX Qmgr and then COPY the CCDT to your workstation?
How is the CCDT to know about the enabling of SSL without it?
_________________
Michael
MQSystems Facebook page |
|
coolcurls |
Posted: Sat Aug 04, 2007 11:06 am Post subject: |
|
|
Novice
Joined: 03 Aug 2007 Posts: 15
|
Hi Michael,
That's a very good point, but yes, I did copy the CCDT after I enabled the SSL. Even if I didn't, the program should not be able to connect as the properties on the channel are already set for SSL. Well anyways, it is still able to connect to the qmgr even without the SSL cipher suite set in the program. Please let me know if you need more information.
I appreciate your help.
Thanks,
TT |
|
PhilBlake |
Posted: Sun Aug 05, 2007 12:34 pm Post subject: |
|
|
 Acolyte
Joined: 25 Oct 2005 Posts: 64
|
Sounds like it's not picking up the SSL_SOCKET_FACTORY_PROPERTY when using the CCDT. Have you tried setting the system properties javax.net.ssl.trustStore and javax.net.ssl.personalStore to see if that works?
Phil |
|
coolcurls |
Posted: Mon Aug 06, 2007 3:34 pm Post subject: |
|
|
Novice
Joined: 03 Aug 2007 Posts: 15
|
Hello all,
According to this article
http://www.ibm.com/developerworks/websphere/library/techarticles/0704_xu/0704_xu.html
it looks like the SYSTEM.DEF.SVRCONN channel is used when the CCDT is used. I cannot enable SSL on this channel as other applications are using this channel. When I try to set a different channel property in the program I get the problem 2 specified in the article. Is there any other way I can make the program use a different channel?
Thanks,
TT |
|
jefflowrey |
Posted: Mon Aug 06, 2007 7:09 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
When using the CCDT, the channel used is picked based on the qmgr name assigned to the channel, and compared with the name used when connecting.
If you specify a blank qmgr name on your MQCONN (or equivalent), then it will match in the CCDT against channels that have an empty qmgr.
If you specify a "*" qmgr name, then it will match against all channels in the CCDT.
If there is only one channel in the CCDT, then it will either always match that one, or never match that one.
If there are two or more matching channels, then the first will be taken as a primary and the rest taken (in order) as secondaries. _________________ I am *not* the model of the modern major general. |
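The selection rules described in the post above, written out as a small model (an added example, not code from the thread or from IBM): it shows which CCDT entry a given connect name selects as primary and flags matching entries that carry no SSLCIPH. The entry fields, the sample table, the queue manager name QM1, APP.PLAIN.CHL and the cipher spec value are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ClntConn:
    channel: str   # CLNTCONN channel name
    qmname: str    # QMNAME on the channel definition ("" = blank)
    sslciph: str   # SSLCIPH on the channel definition ("" = no SSL)

# Constructed sample table; only TEST.CLIENT.CHL is a name from the thread.
SAMPLE_CCDT = [
    ClntConn("SYSTEM.DEF.CLNTCONN", "", ""),
    ClntConn("APP.PLAIN.CHL", "QM1", ""),
    ClntConn("TEST.CLIENT.CHL", "QM1", "EXAMPLE_CIPHERSPEC"),
]

def candidates(ccdt, connect_name):
    """Matching entries in table order: first is primary, rest secondaries."""
    name = connect_name.strip()
    if name == "*":                      # "*" matches every channel
        return list(ccdt)
    # A blank connect name matches entries whose QMNAME is blank;
    # any other name must equal the entry's QMNAME.
    return [e for e in ccdt if e.qmname.strip() == name]

def audit(ccdt, connect_name):
    """Return (primary channel or None, matching channels with no SSLCIPH)."""
    matched = candidates(ccdt, connect_name)
    primary = matched[0].channel if matched else None
    plaintext = [e.channel for e in matched if not e.sslciph]
    return primary, plaintext

if __name__ == "__main__":
    for name in ("QM1", "", "*", "QM2"):
        primary, plaintext = audit(SAMPLE_CCDT, name)
        print(f"connect name {name!r}: primary={primary}, no SSLCIPH on {plaintext}")
```

With this sample table, connecting as QM1 selects APP.PLAIN.CHL as primary, so the SSL-enabled TEST.CLIENT.CHL is only a secondary.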
|
coolcurls |
Posted: Tue Aug 07, 2007 9:23 am Post subject: |
|
|
Novice
Joined: 03 Aug 2007 Posts: 15
|
Well, I have specified the Qmgr name on the client channel I am interested in, and that is the same Qmgr name I am using in the program to make a connection call MQCONN in Java using
MQQueueManager qmgr = new MQQueueManager(qmgrName, props, channelTable);
where the channelTable has the URL to the CCDT and props has the SSL props.
Am I supposed to do anything else? |
|