srvm |
Posted: Thu Jan 27, 2005 10:39 am Post subject: SSL Configuration for Failover and DR |
|
|
Apprentice
Joined: 18 Aug 2004 Posts: 43
|
I have a disk replication of the log and data file for the queue manager to fail over. However, the machine's IP would change at the failover.
a. Do I need to obtain 1 certificate per machine and the keydb should not be shared on failover? [separate keydb's on each machine - local disk]
Reason I ask, if I obtained three certs for each box for the same qm name I will have to have three keystores, because I won't be able to store them in one key.kdb w/ the same label name. And I don't think I can use a different label name.
If anyone has any experience with this, please reply.
Thank you.
Raj
Tibor |
Posted: Fri Jan 28, 2005 5:50 am Post subject: |
|
|
 Grand Master
Joined: 20 May 2001 Posts: 1033 Location: Hungary
|
Raj,
You don't need a certificate for the machine but for the qmgr. So making a disk replication will be eligible ... of course when the SSL key repository files are in this area, e.g. the /var/mqm/qmgrs/<qmname>/ssl directory on Unix.
It's not always true on Windows because certificates are stored in the registry.
HTH,
Tibor
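Tibor's point above, as an added example that is not part of the original thread: a check that the queue manager's key repository (the `SSLKEYR` stem, plus the `.kdb` file and its `.sth` password stash) sits inside the directory that moves at failover. The function names, the queue manager name QM1 and the sample `runmqsc` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the SSL key repository fail over with the queue manager?
# SAMPLE_MQSC is constructed output in the shape of `DISPLAY QMGR SSLKEYR`.
# Live use: check_qmgr "$(echo 'DISPLAY QMGR SSLKEYR' | runmqsc QM1)" /var/mqm/qmgrs/QM1
SAMPLE_MQSC='AMQ8408: Display Queue Manager details.
   QMNAME(QM1)                             SSLKEYR(/var/mqm/qmgrs/QM1/ssl/key)'

# Extract the SSLKEYR value (the repository stem, without the .kdb suffix).
sslkeyr_from_mqsc() {
    printf '%s\n' "$1" | sed -n 's/.*SSLKEYR(\([^)]*\)).*/\1/p' | head -n 1
}

# Succeed only if the stem lies inside the directory that moves at failover.
keyr_on_failover_disk() {   # $1 = SSLKEYR stem, $2 = failover directory
    case "$1" in
        */../*|*/..) return 1 ;;   # refuse paths that could escape the prefix
        "${2%/}"/*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the repository files that are absent; run on the standby after mounting.
missing_repo_files() {      # $1 = SSLKEYR stem
    for ext in kdb sth; do
        [ -f "$1.$ext" ] || printf '%s\n' "$1.$ext"
    done
}

check_qmgr() {              # $1 = runmqsc output, $2 = failover directory
    stem=$(sslkeyr_from_mqsc "$1")
    if [ -z "$stem" ]; then echo "UNKNOWN: no SSLKEYR in output"; return 2; fi
    if keyr_on_failover_disk "$stem" "$2"; then
        echo "OK: $stem.kdb moves with $2"
    else
        echo "WARN: $stem.kdb is outside $2 and will not follow the queue manager"
        return 1
    fi
}

check_qmgr "$SAMPLE_MQSC" /var/mqm/qmgrs/QM1
```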
srvm |
Posted: Fri Jan 28, 2005 8:03 am Post subject: |
|
|
Apprentice
Joined: 18 Aug 2004 Posts: 43
|
Thank you, Tibor.
The disks are more like shared (HA). Sorry for using the term replication.
Looks like what you are suggesting is that the Certificate using CN including DNS name would be all right to use on the other machine when the failover happens. The mount disks get mounted on the FO box and all the /var/* is available on the other box including the key db. So, I conclude that only one certificate is good for all the three boxes.
Raj
srvm |
Posted: Fri Jan 28, 2005 11:37 am Post subject: |
|
|
Apprentice
Joined: 18 Aug 2004 Posts: 43
|
Forgot to ask, is there any Redbook or Manual discussing this? Maybe not, but just being optimistic....
Tibor |
Posted: Mon Jan 31, 2005 3:18 am Post subject: |
|
|
 Grand Master
Joined: 20 May 2001 Posts: 1033 Location: Hungary
|
srvm |
Posted: Mon Jan 31, 2005 6:50 am Post subject: |
|
|
Apprentice
Joined: 18 Aug 2004 Posts: 43
|
Thanks Tibor.
I think I should have been more specific in my earlier posting. I was looking for Failover/DR topic being discussed anywhere. I have read this doc before I started on SSL.
Raj