hguapluas | Centurion | Joined: 05 Aug 2004 | Posts: 105 | Location: San Diego
Posted: Fri Jun 09, 2006 3:34 am | Post subject: MQ SSL self-signed cert on UNIX/ZOS to/from WIN

Hi all,

Need info. Been reading the prior threads on SSL, specifically self-signed SSL on UNIX/ZOS, but it is difficult to pull everything together. I have not worked on UNIX/ZOS, as our shop is primarily Windows.

We are having to create SSL connections to a ZOS system running MQ 5.3 (I don't know what CSD they've loaded). They intend to use a self-signed certificate, but they are vastly lacking in knowledge of SSL implementation in MQ on their side. We are using a public CA on our side, so I am not worried about that 1/2 of the connection. (I've already sent them the necessary root/public keys from our side to import to their key chain.)

I am concerned about what process/steps they need to perform to successfully (create and) implement the self-signed cert on their side and then export their key so I can set up on my side to create full 2-way SSL channels (SDR/RCVR pairs). Failure on their end will cause a critical delay in a (as usual) time-sensitive project. (I already have several successful WIN to WIN SSL connections running.) (It has been reported they've been working for 6 months on one such SSL connection to another outside source! See why I am worrying!!!)

Do any of you have "lessons learned how to implement self-signed SSL certs" in the above scenario? Or pointers to other info? (It would be nice to add posts in this one, as then this becomes a central lessons learned for self-signed certs.)

Thanks in advance to all the gurus out there.

hguapluas | Centurion | Joined: 05 Aug 2004 | Posts: 105 | Location: San Diego
Posted: Fri Jun 09, 2006 3:37 am | Post subject: Addt info

BTW, we are running W2K3 & MQ 5.3 CSD9 (yes I know it is an older CSD but higher ups worry about disruptions in upgrading to latest CSD so have to fight one battle at a time). Thanks.

hguapluas | Centurion | Joined: 05 Aug 2004 | Posts: 105 | Location: San Diego
Posted: Fri Jun 09, 2006 5:12 am | Post subject:
		
		
Ivans | Apprentice | Joined: 03 Jan 2006 | Posts: 48 | Location: Hursley
Posted: Fri Jun 09, 2006 5:55 am | Post subject:

You may find SupportPac MO04 - WebSphere MQ SSL Wizard (http://www.ibm.com/support/docview.wss?rs=171&uid=swg24010367&loc=en_US&cs=utf-8&lang=en) useful for helping you with the GSKit/RACF/WMQ/FTP commands required.

Ian
(Author of MO04)

PS: MO04 will soon have WMQ client support too - shipping SSL client apps as both source and binaries for C, Java and JMS. Watch this space!

hguapluas | Centurion | Joined: 05 Aug 2004 | Posts: 105 | Location: San Diego
Posted: Fri Jun 09, 2006 9:42 am | Post subject:

Thanks Ivan.

They also just found out on their end that they don't have GSK installed. Oh the joys of working with SSL for the first time on Z/OS.