| Author |
Message
|
| prithun |
 Posted: Tue Dec 20, 2005 3:41 am Post subject: Enabling SSL with already installed MQ Series |
 |
|
Apprentice
Joined: 08 Apr 2005
Posts: 33
|
I am using WebSphere MQ-5.3 on Linux. I am using C++ MQ APIs in my applications.
How to enable the SSL with already installed MQ Series?
Will there be any API changes?
Your help is highly appreciated. |
|
| Back to top |
|
 |
| wschutz |
| Posted: Tue Dec 20, 2005 4:16 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
SSL is used on the MQ channels between two amgrs, so your applications don't change
(and don't know that SSL is being used).
For setup, read the relevant chapters on SSL in the MQ Security manual, it tells you how to setup certificates, keywtores, etc. Make sure you have MQSeriesKeyMan and gskit installed.
_________________
-wayne |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Dec 20, 2005 4:18 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I think SSL can be used on client channels.
So if prithun is using a client connection, AND using MQCONNX, then the code needs to change to fill in the necessary information.
Otherwise, the app needs to switch from using MQSERVER to using the client table environment variables and specify the SSL on the client tables.
I think.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| wschutz |
| Posted: Tue Dec 20, 2005 4:24 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
| jefflowrey wrote: |
I think SSL can be used on client channels.
So if prithun is using a client connection, AND using MQCONNX, then the code needs to change to fill in the necessary information.
Otherwise, the app needs to switch from using MQSERVER to using the client table environment variables and specify the SSL on the client tables.
I think. |
Or, the client could use client channel tables, and then there is no change. 
_________________
-wayne |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Dec 20, 2005 4:32 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| wschutz wrote: |
| Or, the client could use client channel tables, and then there is no change. |
Right. And there's no change if the app is using server bindings.
Since the original poster didn't specify, I thought it instructive to show the full range of complexity.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| prithun |
| Posted: Mon Jan 09, 2006 10:27 pm Post subject: |
|
|
Apprentice
Joined: 08 Apr 2005
Posts: 33
|
I have installed both the rpms that is needed for SSL.
gsk6bas-6.0-3.33.i386.rpm
MQSeriesKeyMan-5.3.0-1.i386.rpm
I installed gsk6bas-6.0-3.33.i386.rpm with option --nodeps since it was showing
error: Failed dependencies:
libstdc++.so.3 is needed by gsk6bas-6.0-3.33
Now when I started with Setting up a key repository,gsk7cmd is not working .
Is there some other setups which I should do before setting up the key repository? |
|
| Back to top |
|
|
| prithun |
| Posted: Tue Jan 10, 2006 1:06 am Post subject: |
|
|
Apprentice
Joined: 08 Apr 2005
Posts: 33
|
Sorry, I was giving the wrong command..
But when I execute the command like this I get error.
# gsk6cmd -keydb -create -db mqdb -pw qwerty -type cms -expire 999 -stash
/bin/gsk6cmd: line 222: [: =: unary operator expected
/bin/gsk6cmd: line 1: 16012 Segmentation fault /opt/mqm/ssl/jre/bin/java -classpath /usr/local/ibm/gsk6/classes/cfwk.zip::.:/usr/local/ibm/gsk6/classes/gsk6cls.jar:/usr/local/ibm/gsk6/classes:/usr/local/ibm/gsk6/classes/swingall.jar:: -Dkeyman.verbose=true com.ibm.gsk.ikeyman.ikeycmd -keydb -create -db 'mqdb' -pw 'qwerty' -type 'cms' -expire '999' -stash
Can anybody help? |
|
| Back to top |
|
|
| prithun |
| Posted: Tue Jan 10, 2006 3:59 am Post subject: |
|
|
Apprentice
Joined: 08 Apr 2005
Posts: 33
|
I got it,
/opt/mqm/ssl/jre/bin/java was not working,
When I gave another path for JAVA it is ok |
|
| Back to top |
|
|
| prithun |
| Posted: Tue Jan 10, 2006 5:21 am Post subject: |
|
|
Apprentice
Joined: 08 Apr 2005
Posts: 33
|
I found in following url that "make sure GSKit is installed first"
http://www-1.ibm.com/support/docview.wss?uid=swg21157537
I have MQSeriesRuntime,MQSeriesSDK and MQSeriesServer rpms installed in my application. Now if I add the following rpms to enable SSL will there be any problem?
1)gsk6bas-6.0-3.33.i386.rpm and
2)MQSeriesKeyMan-5.3.0-1.i386.rpm |
|
| Back to top |
|
|
|
|
