| Author |
Message
|
| chris boehnke |
 Posted: Mon May 09, 2011 7:54 am Post subject: SSL setup for MQ |
 |
|
Partisan
Joined: 25 Jul 2006
Posts: 369
|
Hi,
We are using MQ 7.0.1.4 on Linux x86-64.
We want to manage MQ managers from MQExplorer from our desktops. To secure from unauthorized users, want to implement SSL with self signed certs(as it is within the network).
To use the SSL, can we use MQSERVER environmental variable on the desktop by placing the certificate(created on the Qmgr server) on the desktop or do we have to use CCDT table for the SSL client setup?.
On the user desktops, its bit hard to manage the channel table as everytime we have to get a new channel table whenever there is an update to the channel. If it is not mandatory to go with CCDT, I would rather prefer to use MQSERVER environmental variable and still can be implemented SSL?.
Please advice.
Thanks. |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon May 09, 2011 8:10 am Post subject: Re: SSL setup for MQ |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| chris boehnke wrote: |
| To use the SSL, can we use MQSERVER environmental variable on the desktop by placing the certificate(created on the Qmgr server) on the desktop or do we have to use CCDT table for the SSL client setup?. |
You need to use a CCDT for SSL.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon May 09, 2011 8:27 am Post subject: Re: SSL setup for MQ |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Vitor wrote: |
| chris boehnke wrote: |
| To use the SSL, can we use MQSERVER environmental variable on the desktop by placing the certificate(created on the Qmgr server) on the desktop or do we have to use CCDT table for the SSL client setup?. |
You need to use a CCDT for SSL. |
Not with MQExplorer. With MQExplorer you merely configure the correct properties of the Remote Queue manager definition in the pane.
MQExplorer also doesn't honor MQSERVER as far as I know...
You need to use a CCDT for SSL when you are working with an application that is using an MQCONN call and not an MQCONNX call. Which, for example, is not the case with Java applications, or many of the choices of creating an MQ connection in .NET/XMS. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon May 09, 2011 8:47 am Post subject: Re: SSL setup for MQ |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| Not with MQExplorer. With MQExplorer you merely configure the correct properties of the Remote Queue manager definition in the pane. |
Good point. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon May 09, 2011 8:53 am Post subject: Re: SSL setup for MQ |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Vitor wrote: |
| mqjeff wrote: |
| Not with MQExplorer. With MQExplorer you merely configure the correct properties of the Remote Queue manager definition in the pane. |
Good point. |
 |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Mon May 09, 2011 9:23 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| chris boehnke wrote: |
| On the user desktops, its bit hard to manage the channel table as everytime we have to get a new channel table whenever there is an update to the channel. |
I remember one scenario, quite similar to yours, where MQ team provided the .tab file (client conn. channel table file) to application teams (trusted application) and they kept that table file in a common repository ( or common shared disk space ) so that it could be accessed by all. [I'm not sure whether this option is available to you or not, but wanted to share a scenario.]
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
|
|
