| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| CMP API Excerciser: Where to put JKS's password ~ .broker? |
« View previous topic :: View next topic » |
| Author |
Message
|
| t603 |
 Posted: Tue Mar 18, 2014 8:36 am Post subject: CMP API Excerciser: Where to put JKS's password ~ .broker? |
 |
|
Voyager
Joined: 16 Oct 2012
Posts: 88
Location: Prague, the Czech Republic, Europe
|
Hello,
I want to connect to the Broker 7.0.0.4 via CMP API Excerciser using .broker configuration file. I have secure connection to the Broker. I can connect to the Broker from MQ Explorer from the same computer using the same .broker content (copy of it), but while connecting, I am prompting for password to access JKS by MQ Explorer, but I am not prompted by CMP API Excersiser for password.
Can I ask You, where I have to put password for JKS store defined in .broker? In .broker itself? I was looking for the definition of .broker, but found nothing.
Thank You in advance. Stepan
My .broker:
| Code: |
<?xml version="1.0" encoding="UTF-8"?>
<configmgr
crlNameList=""
domainName=""
host="my.server.my.domain"
listenerPort="1414"
queueManager="BK1.QM"
securityExit=""
securityExitJar=""
sslCipherSuite="SSL_RSA_WITH_NULL_SHA"
sslDistinguishedNames=""
sslKeyStore="D:\Users\Public\Documents\Certifikaty pro pristup k brokerum v MQ Exploreru\key.jks"
sslTrustStore="D:\Users\Public\Documents\Certifikaty pro pristup k brokerum v MQ Exploreru\key.jks"
svrconn="SCC_SYS"/> |
Error from CMP API Excersciser:
| Code: |
17:19:20Â ---->Â cmp.exerciser.ClassTesterForBrokerProxy.testConnectToRemoteBroker("C:\temp\BrokerJavaCmpApiExcersiser ACC\test.broker")
17:19:20Â Â Â Â Â Could not connect to the broker's queue manager.
17:19:20Â Â Â Â Â
17:19:20Â Â Â Â Â com.ibm.broker.config.proxy.ConfigManagerProxyLoggedException: Key store format error or invalid parameters passed (for example, wrong password)
at com.ibm.broker.config.proxy.MQConnectionHelper.connectToMQ(MQConnectionHelper.java:500)
at com.ibm.broker.config.proxy.MQSender.connect(MQSender.java:414)
at com.ibm.broker.config.proxy.MQSender.<init>(MQSender.java:291)
at com.ibm.broker.config.proxy.MQBrokerConnectionParameters.getSender(MQBrokerConnectionParameters.java:565)
at com.ibm.broker.config.proxy.MQPropertyFileBrokerConnectionParameters.getSender(MQPropertyFileBrokerConnectionParameters.java:450)
at com.ibm.broker.config.proxy.BrokerProxy.<init>(BrokerProxy.java:289)
at com.ibm.broker.config.proxy.BrokerProxy.getInstance(BrokerProxy.java:777)
at cmp.exerciser.ClassTesterForBrokerProxy.doRemoteConnectAction(ClassTesterForBrokerProxy.java:579)
at cmp.exerciser.ClassTesterForBrokerProxy.testConnectToRemoteBroker(ClassTesterForBrokerProxy.java:498)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at cmp.exerciser.CommandThread.invokeCommand(CommandThread.java:317)
at cmp.exerciser.CommandThread.run(CommandThread.java:261)
at java.lang.Thread.run(Thread.java:738)
17:19:20Â Â Â Â Â
17:19:20Â <----Â cmp.exerciser.ClassTesterForBrokerProxy.testConnectToRemoteBroker |
|
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Mar 18, 2014 8:35 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You'll find the same problem using mqsideploy.
The passwords are supposed to be in the environment variables IBM_JAVA_OPTIONS in the form :
-Djavax.net.ssl.keyStorePassword=value... and the same way for the truststore.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Wed Mar 19, 2014 7:06 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
fjb_saper,
Interesting, I see it is documented in the Info Center and I have added this to my SSL documentation. This is true for all mqsi* commands that have the -n .broker option.
Thx |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Mar 19, 2014 8:16 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| JosephGramig wrote: |
fjb_saper,
Interesting, I see it is documented in the Info Center and I have added this to my SSL documentation. This is true for all mqsi* commands that have the -n .broker option.
Thx |
I know... makes you feel really fuzzy about the security of the keystore and truststore files...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Thu Mar 20, 2014 6:10 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
@fjb_saper,
There is much to consider about securing the SSL PKI. It is often too difficult and expensive for most institutions to get anything close to right.
imho, something is better than nothing... |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
