| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ unix server and MQ win client with SSL - Help |
« View previous topic :: View next topic » |
| Author |
Message
|
| ma.eyal |
 Posted: Tue Sep 13, 2005 12:55 am Post subject: MQ unix server and MQ win client with SSL - Help |
 |
|
Novice
Joined: 13 Sep 2005
Posts: 15
Location: Israel
|
Hello.
I am trying to connect a windows client using SSL to a MQ server on a unix aix system.
I didn't understand entirely the procedure of using channel tables, and since the application is not changeable, I cannot place the use of the SSL into the application, so I need to place the SSL connection on the infrastructure itself.
I tried to find a SSL tutorial, and found the one in the repository, but it keeps getting stuck on 570K so I cant download it all.
What I did so far is to create a certificate for the client, placed it in the unix Qmgr key-repository and installed it in the windows client in the explorer.
Now what is next? How I tell the client what SSL certificate to use on the connection?
Thank you. |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Tue Sep 13, 2005 2:42 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
read the client manual, it will tell you how to use a channel table.
i once tested ssl with windows client (i used openssl and amqmcert), this is what i did
create channel table, give to client, set MQCHLLIB and MQCHLTAB
set MQSSLKEYR to key storage (use system variable)
"amqmcert -l" to create a key storage
create keys and import to keyring using amqmcert (depending on your ssl setups (signed, nonsigned, ca keys, ...))
assign key to client using amqmcert
make sure MQSERVER is not set
use amqsputc
voila, have fun! 
_________________
Regards, Butcher |
|
| Back to top |
|
|
| ma.eyal |
| Posted: Tue Sep 13, 2005 11:40 pm Post subject: |
|
|
Novice
Joined: 13 Sep 2005
Posts: 15
Location: Israel
|
Thank you.
It was alot of help.
But now the next problem 
I transfered the AMQCLCHL.TAB from the unix system to the windows system using ftp (binary).
I set the system variables as follow :
| Code: |
set MQSERVER=
set MQCHLLIB=C:\MQClient
set MQCHLTAB=AMQCLCHL.TAB
set MQSSLKEYR=C:\MQClient\Certs |
I also placed the ssl keys into the Certs key repository using amqmcert.
| Code: |
amqmcert -l
amqmcert -k ROOT -a xxx - This because the client ssl was placed in the Root
amqmcert -a -s ca.cer |
When I try to run amqsputc QL.Q1 qm1 (name of the qmgr is in lower-cases in the unix if it matters), and I get 2058.
The AMQCLCHL.TAB contains both entried of SYSTEM.DEF.CLNTCONN and the test client connection channel I defined as TEST.CLNTCONN. Boht point the the unix system ip and ports with the conname parm.
I must have missed something, since I can't even get to the qmgr...
Thank you. |
|
| Back to top |
|
|
| JasonE |
| Posted: Wed Sep 14, 2005 12:54 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
2058 == MQRC_Q_MGR_NAME_ERROR
Make sure your client conn definition has a qmname('qm1')
If it still fails, can you post the clientconn and corresponding svrconn definitions (removing any private info) |
|
| Back to top |
|
|
| ma.eyal |
| Posted: Wed Sep 14, 2005 1:31 am Post subject: |
|
|
Novice
Joined: 13 Sep 2005
Posts: 15
Location: Israel
|
Got it! 
The client connection channel and the server connection channels where not of the same name. 
It works now.
Thank you for the help. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
