| Author |
Message
|
| TBS |
 Posted: Fri Feb 14, 2014 12:18 am Post subject: Multible clinet connection wtith different Certificate |
 |
|
Centurion
Joined: 29 Jan 2007
Posts: 143
Location: Hillerød / Denmark
|
Is it possible to have multible client connection to a mq manager with different certificate and different channels?
One QM, multible client each with their own channel and certificate.
Is that possible ? |
|
| Back to top |
|
 |
| exerk |
| Posted: Fri Feb 14, 2014 1:20 am Post subject: Re: Multible clinet connection wtith different Certificate |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| TBS wrote: |
| Is it possible to have multible client connection to a mq manager with different certificate and different channels? |
Yes...
| TBS wrote: |
One QM, multible client each with their own channel and certificate.
Is that possible ? |
Again, yes...
Each client can specify it's own key store, or use a 'common' key store with a certificate specific to that client (not a practice I recommend), and each client can specify it's own Client Channel Definition Table (CCDT) file, or use a 'common' CCDT which contains an entry specific to that client. Research the Info Centre, appropriate to your version of WMQ, for information regarding the mqclient.ini file.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| TBS |
| Posted: Fri Feb 14, 2014 1:33 am Post subject: |
|
|
Centurion
Joined: 29 Jan 2007
Posts: 143
Location: Hillerød / Denmark
|
Thanks 
And on the QM you can specify that one certificate only can be used for a specify channel ? |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Feb 14, 2014 3:02 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| TBS wrote: |
| And on the QM you can specify that one certificate only can be used for a specify channel ? |
A queue manager has one, and one only, personal certificate so you cannot have a certificate per SVRCONN. Depending on your version of WMQ you can use combinations of CHLAUTH records to lock down a specific SVRCONN to a specific Client, or use exits if your WMQ version does not support CHLAUTH records and you need hard lock down on the channels.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| TBS |
| Posted: Fri Feb 14, 2014 3:13 am Post subject: |
|
|
Centurion
Joined: 29 Jan 2007
Posts: 143
Location: Hillerød / Denmark
|
Thanks  |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Fri Feb 14, 2014 4:26 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
You can also use the SVRCONN channel's SSLPEER attribute to very specifically decide which valid incoming SSL certificate that channel will accept.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Feb 14, 2014 4:31 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| PeterPotkay wrote: |
| You can also use the SVRCONN channel's SSLPEER attribute to very specifically decide which valid incoming SSL certificate that channel will accept. |
Pretty much I now set that in CHLAUTH above V7.0 as I've found it gives me more flexibility on 'shared' SVRCONNs.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
