| Author |
Message
|
| amita09 |
 Posted: Sun Nov 20, 2005 5:12 pm Post subject: MQ SSL basic question |
 |
|
Novice
Joined: 13 Oct 2005
Posts: 24
|
My understanding is SSL can be enabled between 2 Queue Managers across 2 different MQ installations on 2 physical machines. Client Authentication can also be enabled.
Question is : Besides QM to QM SSL connection, If I want to trust ONLY my application from putting messages in a Queue, Can I also use SSL Client Authentication to make sure there is an SSL connection between my Application and the Queue Manager? I am thinking I can make use of SSL to trust only those apps which provide a valid Client certificate.. Am I correct to say that ? |
|
| Back to top |
|
 |
| wschutz |
| Posted: Sun Nov 20, 2005 6:05 pm Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
No, SSL is only for channel to channel communications. It has nothing to do with MQ applications.
_________________
-wayne |
|
| Back to top |
|
|
| vennela |
| Posted: Mon Nov 21, 2005 3:22 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| I think this is achievable. |
|
| Back to top |
|
|
| wschutz |
| Posted: Mon Nov 21, 2005 3:34 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
| vennela wrote: |
| I think this is achievable. |
Please explain. Perhaps I mis-understood the question.
_________________
-wayne |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Nov 21, 2005 3:53 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
The question seems to be to me, "Can I use client certificates to ensure that only specific applications can access my queue managers". And the answer to that is "Yes" - as long as the certificates are tightly controlled and care is taken to ensure that they are only on particular machines and only accessible to particular users and applications.
But it's not SSL entirely that does it, it's the combination of SSL and regular resource security at the OS level.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| wschutz |
| Posted: Mon Nov 21, 2005 4:16 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
| Quote: |
| nd only accessible to particular users and applications. |
Okay, I understand the "user access" bit, but how do you control application access to the certs?
_________________
-wayne |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Nov 21, 2005 4:35 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| wschutz wrote: |
| Quote: |
| nd only accessible to particular users and applications. |
Okay, I understand the "user access" bit, but how do you control application access to the certs? |
Apps run as users.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
