Author |
Message
|
thindk00 |
Posted: Tue Jun 19, 2007 7:29 am Post subject: MQClient - can it use SSL? |
|
|
Voyager
Joined: 16 May 2001 Posts: 75 Location: UK
|
Does anyone know if it is possible to configure an WMQ client application to use SSL when connecting to a Server QM, without using a Client Connection Channel? If so, how can this be achieved?
Thanks in advance. |
|
Back to top |
|
 |
jefflowrey |
Posted: Tue Jun 19, 2007 7:35 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
You can't make any MQ client connections without using a Client Connection Channel.
You can't configure an MQ Client connection to use SSL without setting SSL properties on the client connection channel.
You can configure the SSL properties on a client connection channel by either defining them in a client connection channel table or by using MQCONNX or another programming construct that lets you dynamically define the client connection channel. _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
thindk00 |
Posted: Tue Jun 19, 2007 7:46 am Post subject: Using this in Java |
|
|
Voyager
Joined: 16 May 2001 Posts: 75 Location: UK
|
So in our Java program which is not using a client connection table (so must be dynalically creating a client connection channel?) we would need to programatically get it to pass in the SSL parameters, is that correct? Or is there another way of getting our Java based program that is not using a client connection channel table to use SSL?
Many thanks! |
|
Back to top |
|
 |
wschutz |
Posted: Tue Jun 19, 2007 7:53 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
V6 of mq java supports using client conn tables, if you want to. _________________ -wayne |
|
Back to top |
|
 |
thindk00 |
Posted: Tue Jun 19, 2007 7:56 am Post subject: Preference not to change, but use SSL |
|
|
Voyager
Joined: 16 May 2001 Posts: 75 Location: UK
|
Our Java adapter exists today and preferably we'd like to use SSL without making programming changes. Is that possible? |
|
Back to top |
|
 |
marcin.kasinski |
Posted: Tue Jun 19, 2007 7:58 am Post subject: Re: Preference not to change, but use SSL |
|
|
Sentinel
Joined: 21 Dec 2004 Posts: 850 Location: Poland / Warsaw
|
thindk00 wrote: |
Our Java adapter exists today and preferably we'd like to use SSL without making programming changes. Is that possible? |
No _________________ Marcin |
|
Back to top |
|
 |
jefflowrey |
Posted: Tue Jun 19, 2007 8:01 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
If your java adapter today is set up to set MQEnvironment.hostname, channel and port...
Then you will have to make code changes - either to set the channel table or to set the SSL parameters (as per the clear documentation in the Using Java manual). _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
marcin.kasinski |
Posted: Tue Jun 19, 2007 8:05 am Post subject: |
|
|
Sentinel
Joined: 21 Dec 2004 Posts: 850 Location: Poland / Warsaw
|
If it is simple JAVA application you have to set sslCipherSuite in your code to set SSL. Other things ( keystore, truststore location and keystore password ) you can set without changing of your code. _________________ Marcin |
|
Back to top |
|
 |
angka |
Posted: Mon Jul 09, 2007 2:30 am Post subject: |
|
|
Chevalier
Joined: 20 Sep 2005 Posts: 406
|
Hi,
For .net, can we use the client connection table? If so what is the parameter to pass in? eg.
MQQueueManager qm = new MQQueueManager("A",......
"A" is the queuemanager name.
wat is the parameter needed to pass in?
Thanks |
|
Back to top |
|
 |
Vitor |
Posted: Mon Jul 09, 2007 2:50 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Isn't the table exposed to .NET as a managed connection?
Failing that, request a connection to a queue manager named in the table. That should work. Unless someone knows different. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
angka |
Posted: Mon Jul 09, 2007 3:09 am Post subject: |
|
|
Chevalier
Joined: 20 Sep 2005 Posts: 406
|
Hi,
You mean managed client connection? If so it does not support SSL.
I need the client connection table because i may need to connect to different Server connection channel..
Thanks |
|
Back to top |
|
 |
Vitor |
Posted: Mon Jul 09, 2007 3:14 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
angka wrote: |
I need the client connection table because i may need to connect to different Server connection channel..
|
Then you need to quote a recognised queue manager name. I'm almost certain it works. Almost.  _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
angka |
Posted: Mon Jul 09, 2007 3:18 am Post subject: |
|
|
Chevalier
Joined: 20 Sep 2005 Posts: 406
|
Hi,
I did quote a recognised queuemanager name without any other parameter. It gives "application error".
You mean .net will get to the client connection table without doing anything extra? Thanks |
|
Back to top |
|
 |
Vitor |
Posted: Mon Jul 09, 2007 3:25 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Provided the client table is properly located by environment variable or other, more .NET specific property.
I'll again underline that this is theoretical knowledge and would welcome comments from anyone with recent experience. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
angka |
Posted: Mon Jul 09, 2007 3:28 am Post subject: |
|
|
Chevalier
Joined: 20 Sep 2005 Posts: 406
|
Hi,
I tested the environment variable using rfhutilc.exe so there shldn't be any problem with the setting.
I am coding using VS.NET 2005. Thanks |
|
Back to top |
|
 |
|