| Author |
Message
|
| kazim |
 Posted: Wed Aug 22, 2007 7:29 am Post subject: SSL - using IKeyman on 5.3 ?? |
 |
|
Apprentice
Joined: 15 Jul 2007
Posts: 31
|
Hello
we have actually tried to create key database,add and import certificates in MQ 5.3 using iKeyman GUI and we were successfully able to create .kdb file. The actual problem is even though the certificates are imported and the .kdb file has all the valid certificates there is some problem in starting the sender channel. The error says that "no certificates have been sent to remote QM for SSL hank shake".
when we go to the QM properties and assign the certificates manually...IT WORKS. BUT the assigned certificates are imported in to .sto file that has been created by MQ 5.3 itself(not into the .kdb file which we have created using ikeyman GUI).
So finally my queries are:
can iKeyman GUI be used to create key Database in MQ 5.3?
Does MQ 5.3 really use that created .kdb file ? OR creates its own .sto file and uses it.?
YOUR HELP IS MUCH APPRECIATED |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed Aug 22, 2007 7:39 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
|
| Back to top |
|
|
| kazim |
| Posted: Wed Aug 22, 2007 8:12 am Post subject: |
|
|
Apprentice
Joined: 15 Jul 2007
Posts: 31
|
Hi Vitor,
Thanks for your reply..
from one of the IBM links we have got some info that ikeyman can be used in MQ5.3 with fix pack 12.
But when we follow the procedure described above, we are getting the ssl handshake error.
I need confirmation from someone if we can use .kdb key database files (that are created by ikeyman) in mq5.3 directly ?
or do they need any modification for ssl implementation. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Wed Aug 22, 2007 8:14 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
IKeyMan is used in v5.3 for Unix, but not for Windows.
Likely, you're creating the wrong kind of kdb - CMS instead of JKS or vice versa.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| kazim |
| Posted: Wed Aug 22, 2007 11:34 pm Post subject: |
|
|
Apprentice
Joined: 15 Jul 2007
Posts: 31
|
Thanks jefflowrey.
So do you mean to say that .sto is the only keydatabase format supported by MQ5.3 on windows ? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Aug 23, 2007 2:12 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
No.
I'm saying that you're likely trying to use a CMS keystore with a Java program (Java programs require Java Key Stores) or you're trying to use a JKS keystore with a C program.
I'm making no claims about what is or is not supported for v5.3. Other than that GSKit is used for SSL support on Unix.
I haven't loooked at the SSL documentation for v5.3, except very briefly, in at least three years, so I have no useful information on your problem. Other than the above general suggestion about keystore types.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
