| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ SSL Error |
« View previous topic :: View next topic » |
| Author |
Message
|
| raghug |
 Posted: Thu Apr 17, 2008 8:16 am Post subject: MQ SSL Error |
 |
|
Acolyte
Joined: 19 Jul 2006
Posts: 60
Location: NJ
|
Hi All
I follow below steps But I got error
An error occurred while opening the database file,check for file existence and permission.
20086 - An error occurred while opening files, check for file existence and permissions.
MQ Server: 5.3, sun o/s 5.8, no ssl has been configured before.
MQ : 5.3, running remote on Sun o/s.
Configure the MQ Server
====================
gsk5cmd is used here to create key.kdb (if necessary), create a self assigned certificate, export to a .ARM file.
Let us assume the qmgr is call MQDSMDW01
1. (If necessary) create a key.kdb (crt_kdb.sh) for MQ Server.
/home/victor> cat crt_kdb.sh
export JAVA_HOME=/usr/mqm/ssl/jre
gsk5cmd -keydb -create -db key.kdb -pw iss55 -type cms -expire 365 -stash
2. create a self assigned certifcate in key.kdb.
/home/victor> cat crt_cert.sh
export JAVA_HOME=/usr/mqm/ssl/jre
gsk5cmd -cert -create -db key.kdb -pw changeit -label ibmwebspheremqmqdsmdw02 -dn CN=AUGUSTA,O=CCE,C=US -expire 365 -size 1024 -x509version 3
note the fixed "ibmwebspheremq<qmgr in lower case>".
qmgr Foo becomes "foo" here.
3. Export the ibmwebspheremqfoo to .arm format (mqdsmdw01arm)
/home/victor> cat ext_cert.sh
export JAVA_HOME=/usr/mqm/ssl/jre
gsk6cmd -cert -extract -db key.kdb -pw changeit -label ibmwebspheremqfoo -target mqdsmdw01arm -format ascii
4. log on as mqm, copy the key.kdb,key.sth to /var/mqm/qmgrs/MQDSMDW02/ssl.
5. log on as mqm, turn on SSL for the channel "MQDSMDW01CLIENT" , only SVRCONN is needed. Here is how to turn on/off the SSL on the fly.
cat ssl.mqsc | runmqsc FOO
$ cat ssl.mqsc
alter channel(MQDSMDW01CLIENT) CHLTYPE(SVRCONN) SSLCIPH(TRIPLE_DES_SHA_US) SSLCAUTH(OPTIONAL)
Optionally, to turn the SSL off,
cat nossl.mqsc | runmqsc FOO
$ cat nossl.mqsc
alter channel(MQDSMDW01CLIENT) CHLTYPE(SVRCONN) SSLCIPH('')
Configure MQ base java.
========================
1. use keytool -keystore cacerts -import -file MQDSMDW01arm
2. In the code, make sure this line runs.
MQEnvironment.sslCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA";
In my case, I only set the CipherSuite when some property "sslEnabled" is true from a XML file. In this way, I can turn the SSL on/off from the client to match what is on the MQ server side.
and one more thing I did not understand where we create .kst file
Thanks
Raghu |
|
| Back to top |
|
 |
| Gaya3 |
| Posted: Thu Apr 17, 2008 8:03 pm Post subject: Re: MQ SSL Error |
|
|
Jedi
Joined: 12 Sep 2006
Posts: 2493
Location: Boston, US
|
| raghug wrote: |
20086 - An error occurred while opening files, check for file existence and permissions.
do you have rwx permission.
UPGRADE to MQ 6 -- no other way.
MQ Server: 5.3, sun o/s 5.8, no ssl has been configured before.
MQ : 5.3, running remote on Sun o/s.
|
_________________
Regards
Gayathri
-----------------------------------------------
Do Something Before you Die |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Apr 18, 2008 2:29 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Look @ step 2 and 3....
Why the change of label?
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
