ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Multiple ssl certificate in WMB 8.0.0.2

Post new topic  Reply to topic
 Multiple ssl certificate in WMB 8.0.0.2 « View previous topic :: View next topic » 
Author Message
sunilkdj
PostPosted: Fri Jun 06, 2014 10:29 am    Post subject: Multiple ssl certificate in WMB 8.0.0.2 Reply with quote

Newbie

Joined: 01 Mar 2013
Posts: 7
Hi All,

I have generated two SSL certificates and both the certificates are present in one Keystore. And the keystore is associated with Broker and eg.

I have shared one certificate to one application and another to another application who sends the messages to the application where the certificates are generated?

I have not tested this. Kindly let me know if having two SSL certificates in single keystore and two applications are trying to connect and is that works?
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Jun 06, 2014 10:39 am    Post subject: Re: Multiple ssl certificate in WMB 8.0.0.2 Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
sunilkdj wrote:
I have not tested this. Kindly let me know if having two SSL certificates in single keystore and two applications are trying to connect and is that works?


Why not? Probably faster than posting here and waiting for a reply.

sunilkdj wrote:
I have generated two SSL certificates and both the certificates are present in one Keystore. And the keystore is associated with Broker and eg.


By which can we take it to mean you've generated 2 public/private certificate pairs and you've add one half to the broker's keystore? And you expect you to guess what half of the pair?

sunilkdj wrote:
I have shared one certificate to one application and another to another application who sends the messages to the application where the certificates are generated?


No application should be generating any certificates. Clearly again you expect use to guess which certificates you're sharing.

We can't possibly tell you if this is going to work. You make no reference to the trust store and if no-one trusts the certificates it doesn't matter if you've done it right or not. You also don't make any reference to how the applications you've shared the certificates with plan to use them. Web services? WMQ messages? Just stored in a keystore in the hope that's good enough.

1 quick test will give you much more information than any reply here possibly could from what you've told us.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
sunilkdj
PostPosted: Fri Jun 06, 2014 5:19 pm    Post subject: Reply with quote

Newbie

Joined: 01 Mar 2013
Posts: 7
The Applications use the web services. The both the certificates generated are the privatekeys.

Actually the certificate which the applications are using, is got expired. even after the expiry the web services are working.

I have used the below command to generate key.

gsk7cmd -cert -create
-db keystore_name
[-pw password]
-label cert_label
-dn "distinguished_name"

Now, I have created the new certificate and provided the new certificate to the applications.

So, now As I am having both the certificates in the keystore as generated by the above command. If one of the applications not changed to the new certificate which I have provided. Does both the applications still be able to communicate?

This is the production issue and we can not test.
Back to top
View user's profile Send private message
Vitor
PostPosted: Mon Jun 09, 2014 4:10 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
sunilkdj wrote:
Actually the certificate which the applications are using, is got expired. even after the expiry the web services are working.


Then your SSL configuration is hosed. New certificates will not fix this.

sunilkdj wrote:
This is the production issue and we can not test.


And you only have a production environment? There's nowhere else on your site you can test?
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Multiple ssl certificate in WMB 8.0.0.2
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.