Author |
Message
|
anantha sreenivasan |
Posted: Tue Mar 27, 2007 5:21 am Post subject: Establishing SSL Connection in MQ V6.0 |
|
|
Acolyte
Joined: 26 Sep 2006 Posts: 72
|
Can somebody guide me in establishing an SSL connection between queue managers using authentication certificates?
|
 |
Vitor |
Posted: Tue Mar 27, 2007 5:27 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Which parts of the procedure described in the Security manual do you need clarification on?
_________________
Honesty is the best policy.
Insanity is the best defence.
|
 |
wschutz |
Posted: Tue Mar 27, 2007 10:52 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
And there are a few excellent SupportPacs for SSL, including:
MO04: WebSphere MQ SSL Wizard
_________________
-wayne
|
 |
anantha sreenivasan |
Posted: Tue Mar 27, 2007 10:59 am Post subject: |
|
|
Acolyte
Joined: 26 Sep 2006 Posts: 72
|
Actually, I set up SSL connectivity using MQ V5.3 queue managers, where my queue managers use a certificate obtained from globalsign.com and transact the encrypted data.
I update the keystore using the amqmcert command, but this command is not supported in MQ V6.0.
So how do I proceed with SSL connectivity between MQ V6.0 queue managers?
|
 |
wschutz |
Posted: Tue Mar 27, 2007 11:08 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
|
 |
Vitor |
Posted: Tue Mar 27, 2007 11:54 pm Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Perhaps I should have been clearer; when I said "Security manual", I should really have said "Security manual or its online version".
_________________
Honesty is the best policy.
Insanity is the best defence.
|
 |
gyadavil |
Posted: Thu May 17, 2007 12:55 pm Post subject: Re: Establishing SSL Connection in MQ V6.0 |
|
|
Acolyte
Joined: 01 Feb 2005 Posts: 62
|
anantha sreenivasan wrote: "Can somebody guide in establishing a SSL Connection between queue managers using Authentication Certificates?"
Not sure whether you want to do the same as I am going to explain or not. I did set up SSL for a SVR CONN channel and it is pretty straightforward.
I would suggest using the GUI tool to generate the certificate and repository, even from a UNIX box.
1. Start the GUI.
2. Create a CMS key repository, e.g. SampleKeyRep.kdb
3. Add the personal certificate by just giving the required information. I didn't try to play around with optional values.
4. I read somewhere that the certificate label must be ibmwebspheremq<qmgrname>, all in lower case. Don't ask me what you need to use if you want to generate two certificates on the same queue manager. You've got to try that for yourself.
4. Extract the self-signed certificate, e.g. cert_ibmwebspheremq<qmgr>.arm
5. Set the QM key repository attribute to have this new key repository. Don't use the extension .kdb here.
6. For one-way communication, set the SSLAUTH value on your channel to OPTIONAL and the SSLCIPH value to an encryption algorithm. Make sure you pick the algorithm based on your FIPS setting on the QM.
7. Provide the extracted certificate to your client, and also the CIPH value you used. I asked my client to use the same label when they extracted the certificate.
For two-way authentication, you need to set SSLAUTH to REQUIRED and install the client certificate in your key repository.
This worked for me for a Java client to connect to my QM and use this SSL feature.
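The queue-manager side of steps 5 and 6 in the post above, written as MQSC commands (an added example, not part of the original post). The MQSC keyword for the channel attribute the post calls SSLAUTH is SSLCAUTH. The queue manager name QM1, the channel name JAVA.SVRCONN, the repository path, the CipherSpec and the SSLPEER value are assumptions chosen for illustration.

```mqsc
* Added example. QM1, JAVA.SVRCONN, the path and the DN below are hypothetical.
* Run inside:  runmqsc QM1

* Step 5: point the queue manager at the CMS key repository.
* Give the file stem only (no .kdb). The password stash file
* SampleKeyRep.sth must sit next to SampleKeyRep.kdb and be readable
* by the queue manager's user, or the SSL handshake cannot start.
ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/SampleKeyRep')

* Check the repository and FIPS settings before choosing a CipherSpec.
DISPLAY QMGR SSLKEYR SSLFIPS

* Step 6, one-way: the client verifies the queue manager's certificate,
* and the queue manager does not insist on a client certificate.
* The CipherSpec is an illustrative value; pick one that matches SSLFIPS.
ALTER CHANNEL('JAVA.SVRCONN') CHLTYPE(SVRCONN) +
      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
      SSLCAUTH(OPTIONAL)

* Two-way variant: require a client certificate. The client's certificate
* (or its signer) must already be in the key repository.
* SSLPEER is optional and not mentioned in the post; it narrows acceptance
* to certificates whose distinguished name matches (constructed DN).
ALTER CHANNEL('JAVA.SVRCONN') CHLTYPE(SVRCONN) +
      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
      SSLCAUTH(REQUIRED) +
      SSLPEER('CN=sample-client,O=Example')

* Make the running queue manager re-read the key repository.
REFRESH SECURITY TYPE(SSL)

* Confirm what the channel will enforce.
DISPLAY CHANNEL('JAVA.SVRCONN') SSLCIPH SSLCAUTH SSLPEER
```

The Java client has to be configured with the CipherSuite that corresponds to the chosen CipherSpec, otherwise the handshake fails.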
|
 |
marcin.kasinski |
Posted: Thu May 17, 2007 1:09 pm Post subject: Re: Establishing SSL Connection in MQ V6.0 |
|
|
Sentinel
Joined: 21 Dec 2004 Posts: 850 Location: Poland / Warsaw
|
|
 |
|