| Author |
Message
|
| Adreno |
 Posted: Wed Jan 09, 2008 2:47 am Post subject: WMB Command Console with SSL secured SYSTEM.BROKER.CONF CHL |
 |
|
Acolyte
Joined: 05 Jul 2007
Posts: 71
|
Hi @ all,
i got a few questions regarding the use of ssl secured channels (connections) with the wmb command console.
I´m just testing the use of ssl for my connections between my config manager and the MB Toolkit or the connection between the config manager and the wmb command prompt during (mqsi)deploy aktions.
The SYSTEM.BROKER.CONFIG channel is configured with ssl (NULL_MD5 and ssl optional) and the nessesary personal certificates are generated and transfered into the .jks keystore for the wmb toolkit. Toolkit is configured with the right parameters and started with the
-vmargs -Djavax.net.ssl.keyStorePassword=Password addy in the Short Cut. So everythings fine and it all works (connection & deployment).
Now i want to use the mqsideploy command from within the wmb command console to deploy my .bar files. Now i get a "connection fails" error with reason code 2059 during the connection startup. Without ssl enabled on the SYSTEM.BROKER.CONFIG channel the deployment via mqsideploy works properly.
Any suggestions how to enable SSL for the command console?
Last edited by Adreno on Wed Jan 09, 2008 6:57 am; edited 1 time in total |
|
| Back to top |
|
 |
| mqmatt |
| Posted: Wed Jan 09, 2008 5:42 am Post subject: |
|
|
Grand Master
Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
|
| If you're not already doing this, you'll need to specify the connection parameters using the -n flag. This is because MQ's SSL connection parameters can only be supplied in the .configmgr file, rather than on the command line. |
|
| Back to top |
|
|
| Adreno |
| Posted: Wed Jan 09, 2008 6:37 am Post subject: |
|
|
Acolyte
Joined: 05 Jul 2007
Posts: 71
|
Well,
i already tried this.
Just watch the entries:
<?xml version="1.0" encoding="UTF-8"?>
<configmgr crlNameList="" domainName="CM_QM001" host="localhost" listenerPort="1501" queueManager="QM1" securityExit="" securityExitJar="" sslCipherSuite="SSL_RSA_WITH_NULL_MD5" sslDistinguishedNames="" sslKeyStore="C:\MQCLIENT\Toolkit\toolkit.jks" sslTrustStore="C:\MQCLIENT\Toolkit\toolkit.jks" svrconn="SYSTEM.BKR.CONFIG"/>
Operation still ends with Reason Code 2059.
Connection with the toolkit workes with these settings in the configmgr file.
Here´s the command i used:
mqsideploy -n QM1.configmgr -b BK_QM001 -e Standardwert -a Test1.bar -m
Any further suggestions?? |
|
| Back to top |
|
|
| Adreno |
| Posted: Thu Jan 10, 2008 2:52 am Post subject: |
|
|
Acolyte
Joined: 05 Jul 2007
Posts: 71
|
Hi guys,
i realized a markable fact that may could point to the right direction.
When I use the WMB toolkit i have to set a parameter in the shortcut, which tells the toolkit the right passwort for the .jks keystore.
Although I use the same .configmgr file with the -n flag within a mqsideploy from the command console, the console doesn´t know the password for the keystore.
Any suggestions how to tell the command console to the right password for the keystore?
_________________
There are two kinds of people in this world: people who s***, and Chuck Norris... |
|
| Back to top |
|
|
| mqmatt |
| Posted: Thu Jan 10, 2008 3:38 am Post subject: |
|
|
Grand Master
Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
|
| Have you tried setting the -D parameters inside the environment variable IBM_JAVA_OPTIONS? |
|
| Back to top |
|
|
| Adreno |
| Posted: Thu Jan 10, 2008 5:52 am Post subject: |
|
|
Acolyte
Joined: 05 Jul 2007
Posts: 71
|
Not at this time . .
What does this parameter exactly?
_________________
There are two kinds of people in this world: people who s***, and Chuck Norris... |
|
| Back to top |
|
|
| Adreno |
| Posted: Fri Jan 11, 2008 1:43 am Post subject: |
|
|
Acolyte
Joined: 05 Jul 2007
Posts: 71
|
Sry,
i was a bit confused . . .
So within the mqsideploy command there´s no possibility to use the -D option and adding the parameter to the command console shortcut has no effect.
_________________
There are two kinds of people in this world: people who s***, and Chuck Norris... |
|
| Back to top |
|
|
| mqmatt |
| Posted: Fri Jan 11, 2008 3:31 am Post subject: |
|
|
Grand Master
Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
|
If you're using the IBM Java VM, the IBM_JAVA_OPTIONS allow you pass options such as the -D parameters to applications that use it. mqsideploy is one such application; it's an executable but it does use the JVM.
For backward compatability, there is also mqsideploy.bat; this is a Windows batch program that calls java.exe directly. You could add your -D parameters directly here. |
|
| Back to top |
|
|
|
|
