wuyd (Novice; Joined: 11 Apr 2005; Posts: 14)
Posted: Thu Apr 14, 2005 1:06 am
Tibor,
If I have an MQ Server and an MQ Client communicating through SSL, and the server channel's SSLAUTH is REQUIRED, can I configure it like this:
Server: qmgr's certificate (public key + private key)
        client's certificate (public key)
Client: qmgr's certificate (public key)
        client's certificate (public key + private key)
And in the Java client, does MQEnvironment.userID have any effect?
wuyd
Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Thu Apr 14, 2005 11:57 pm
wuyd,
Quote:
And in the Java client, does MQEnvironment.userID have any effect?
Yes, it does when you are granted the appropriate context authority (setid).
But frankly, I don't like this, because in this case the connecting applications can do *anything* in the worst scenario. Of course, there are more ways to control incoming traffic: server-side channel exits, etc.
Tibor
fjb_saper (Grand High Poobah; Joined: 18 Nov 2003; Posts: 20756; Location: LI,NY)
Posted: Fri Apr 15, 2005 7:41 pm
Tibor,
Shouldn't you be able to do that with some crypto programming in Java?
What is the crypto interface for?? (1.3 JCE or 1.4 JDK)
Enjoy
Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Sat Apr 16, 2005 1:58 am
Quote:
Shouldn't you be able to do that with some crypto programming in Java?
What is the crypto interface for?? (1.3 JCE or 1.4 JDK)
I'm not a Java expert, but I spent hours configuring Java + SSL. I tested it with JDK 1.4 and JDK 1.3 + JSSE.
Tibor
fjb_saper (Grand High Poobah; Joined: 18 Nov 2003; Posts: 20756; Location: LI,NY)
Posted: Sat Apr 16, 2005 7:31 am
Sorry Tibor,
Must have missed the second page last night. My question was more about the keytool problem.
I have written a Diffie-Hellman crypto program and I understand that it is not easy to work with all the settings right. However, there are good tutorials out there that will allow you to understand and get much more out of crypto than just the config...
Of course, like in everything, you need the time to investigate. And writing a crypto-ready application is certainly not done in a week if you want it to be up to standards. You'll probably need a week to understand just how it is supposed to work behind the scenes... Now mind you, I have not yet scratched the surface of working with keystores... but I believe that the steepest learning curve is to understand all the concepts and frameworks.
Enjoy
Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Sun Apr 17, 2005 10:26 am
fjb_saper,
If you need a little PKI online seminar, I can help you...
Tibor