| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| ssl configured ok but need to know sslcerti |
« View previous topic :: View next topic » |
| Author |
Message
|
| xtreme_machine |
 Posted: Thu Nov 01, 2007 9:15 pm Post subject: ssl configured ok but need to know sslcerti |
 |
|
Novice
Joined: 17 Sep 2007
Posts: 23
|
Hi Guys,
i have configured the SSL with self signed certificate. our env is AIX5.2 CSD11, mq 5.3
in the doc it shows how to verify the ssl, you need to give the following command
DISPLAY CHS(QM1.TO.QM2) SSLPEER SSLCERTI
The resulting output will be similar to the following:
dis chs(QM1.TO.QM2) SSLPEER SSLCERTI
5 : dis chs(QM1.TO.QM2) SSLPEER SSLCERTI
AMQ8417: Display Channel Status details.
CHANNEL(QM2.TO.QM1) CHLTYPE(RCVR)
CONNAME(9.20.35.92) CURRENT
RQMNAME(QM1)
SSLCERTI(CN=QM1,OU="WebSphere MQ Development",O=IBM,ST=Hampshire,C=UK
SSLPEER(CN=QM1,OU="WebSphere MQ Development",O=IBM,ST=Hampshire,C=UK)
STATUS(RUNNING) SUBSTATE(RECEIVE)
XMITQ( )
i am successfully getting the sslpeer parameter but i dont get sslcerti parameter.. am i missing something .. or its available in MQ6.0
does the parameter sslpeer above safely says : SSL is configured all ok.
thks for you advise
xm |
|
| Back to top |
|
 |
| xtreme_machine |
| Posted: Thu Nov 01, 2007 10:20 pm Post subject: |
|
|
Novice
Joined: 17 Sep 2007
Posts: 23
|
Hi Guys,
any advise / thoughs are welcome !! I need to put in a presentation to my team
tks |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Nov 02, 2007 2:16 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Are you using self-signed certificates? Or CA-signed certificates?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Nov 02, 2007 2:24 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| jefflowrey wrote: |
| Are you using self-signed certificates? Or CA-signed certificates? |
| xtreme_machine wrote: |
| i have configured the SSL with self signed certificate |
IIRC (and I may not) you don't get sslcerti with self-signed certificates.
But I'm not altogether certain.
I'd try it. If the SSL authentication works, the SSL is set up correctly!
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| xtreme_machine |
| Posted: Sun Nov 04, 2007 6:27 pm Post subject: |
|
|
Novice
Joined: 17 Sep 2007
Posts: 23
|
Hi vitor, jeff,
Yep, I am using self signed certificate. But one more thing, I checked with
MQ5.3 and MQ6.0, we only get SSLCERTI with display channel status on MQ6.0, there is no channel status parameter SSLCERTI in MQ5.3.
plz let me know if my understanding / finding is correct. ALso whether sslpeer parameter on the channel status is enough to conclude that SSL is setu pall ok on MQ 5.3
thks |
|
| Back to top |
|
|
| xtreme_machine |
| Posted: Sun Nov 04, 2007 6:53 pm Post subject: |
|
|
Novice
Joined: 17 Sep 2007
Posts: 23
|
Hi,
the channels are in running state also.. is it safe to assume that SSL is working fine.
thks |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
