| Author |
Message
|
| mq_crazy |
 Posted: Thu Sep 14, 2006 6:28 am Post subject: security |
 |
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| I have this requirement for setting up encryption on our messages. It is a windows 2003 MQ 6.0 to AIX MQ 5.3 communication via sender/receiver channel pair. This is the firt time i am working on the encryption, what do you recommend SSL\channel exit?? Any recommendations for a tool to buy and set it up easily. |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Thu Sep 14, 2006 6:30 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Do you need to secure the communication? or the messages?
The Base MQ will only let you secure the communication - the channel.
If you need the messages to be secure/encrypted ON the queue, you have to either use WebSphere MQ Extended Security Edition or third-party tool.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Thu Sep 14, 2006 6:46 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| Thanks jeff for the reply. I want to basically secure the message. Which third party tool do you recommend?? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Sep 14, 2006 7:03 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I am not aware of any third party tools. That doesn't mean there *aren't* any.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Thu Sep 14, 2006 7:15 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| I mean SSL is the best approach?? Do you have any recommendations for getting those from any particular company?? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Sep 14, 2006 7:20 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
The SSL support that is provided with MQ will NOT encrypt messages on the queue.
It ONLY encrypts the MQ channel traffic.
In general, "SSL" means "Secure Socket Layer", and so usually always only refers to SOCKET traffic - over the network and not on local storage.
I do not have any particular recommendations for securing messages on the queue. The only product that I know of that does this is the WebSphere MQ Extended Security Edition.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Thu Sep 14, 2006 7:27 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| Sorry jeff to mislead you, we don't want the message secured in the queue, we want them secured only while transmission between the sender and the receiver channel. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Sep 14, 2006 7:38 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Then SSL is fine.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Thu Sep 14, 2006 7:45 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| Any recommendations to get those from a particular provider?? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Sep 14, 2006 7:47 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
It's *built-in*.
Try reading the Security Manual.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Thu Sep 14, 2006 9:16 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
|
| Back to top |
|
|
| vennela |
| Posted: Thu Sep 14, 2006 10:12 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| mq_crazy wrote: |
| Any recommendations to get those from a particular provider?? |
When you say provider do you mean CA signed certs? |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Thu Sep 14, 2006 12:06 pm Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
|
| Back to top |
|
|
| FZoli |
| Posted: Thu Sep 21, 2006 6:11 am Post subject: SSL MQ Client |
|
|
Newbie
Joined: 27 Aug 2006
Posts: 2
|
Hi!
I have a problem with MQ client connection with SSL.
I have a client connection without SSL, and it works fine.
I need to setup SSL connecton. I set the ssl key repository
(set MQSSLKEYR=D:\mqm53\!DEFAULT.STO) and the certificates:
amqmcert -a -p PERSONAL_CERT_FILE -z cms
amqmcert -a -s CA_CERT_FILE -z cms
amqmcert -d HANDLE
And I set the SSLCIPH attribute on server connection channel TRIPLE_DES_SH_US
After that the command: amqsputc Queue QM writes the folowing error:
Sample AMQSPUT0 start
MQCONN ended with reason code 2393
Can you tell what is the problem? Did anybody see a client SSL connection working?
Thanks,
Zoli |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Sep 21, 2006 6:35 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
In order for amqsputc to use the SSL, you will have to also configure a client connection channel for the server connection channel you are using, and set the environment variables to point to the client connection table (AMQSCLCHL.TAB), instead of using MQSERVER.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
