| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ, Java and SSL using JCEKS KeyStore |
« View previous topic :: View next topic » |
| Author |
Message
|
| RogerLacroix |
 Posted: Wed Apr 11, 2007 1:35 pm Post subject: MQ, Java and SSL using JCEKS KeyStore |
 |
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
All,
I'm adding SSL support to MQ Visual Edit (letting the cat out of the bag!). I used the following web pages as a reference.
http://www-128.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html
http://www-128.ibm.com/developerworks/websphere/techjournal/0211_yusuf/yusuf.html
Several people are testing it and life looks good but one person reported that it had issues with 'a JCEKS key store at the client end'.
I have read lots about MQ/SSL but I have never implemented / configured or tested SSL with MQ. So, I searched the web and came across the following statement:
| Quote: |
| When using a JCEKS KeyStore, if the KeyStore is created with a Sun JDK, it cannot be loaded by the key stores created by the IBM JDK. The problem relates to Sun storing provider information in the KeyStore and the references class not being available in the IBM JDK. |
MQ Visual Edit is using Sun JRE, so based on the above statment would the opposite be true? i.e.
| Quote: |
| If the KeyStore is created with an IBM JDK, it cannot be loaded by the key stores created by the Sun JDK. |
Does this make sense? If not, what would the problem be?
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Apr 11, 2007 1:43 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
As you well know Roger there are multiple key stores formats available in JCE.
From you post it looks like you are using the JCE add on to a java 1.3 install where if my memory serves me right the only default delivered key store was JCEKS, for others you needed a different JCE implementation...
In this case you would have to load the certificates into the JCEKS store using the provided tools like keytool... and could only use it for the client side ... and I don't know if this implementation would cater for all the crypto algorythms needed.
With the 1.4 implementation you have a bigger choice of keystore formats, so use one that is compatible....
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Wed Apr 11, 2007 2:06 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| RogerLacroix wrote: |
| I have read lots about MQ/SSL but I have never implemented / configured or tested SSL with MQ. |
| fjb_saper wrote: |
| As you well know Roger there are multiple key stores formats available in JCE. |
Actually, no I don't. 
The Java / MQ code is compiled using Sun JDK 1.4.2_13 and is running in Sun JRE 6.0_01. I don't what version of the keystore tool they are using but I will ask.
Regards,
Roger Lacroix
Capitalware inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
