Simple SSL Setup Question
mqwhelan
Posted: Fri Nov 09, 2007 10:41 am    Post subject: Simple SSL Setup Question

Newbie

Joined: 09 Nov 2007
Posts: 2
Location: Beverly

We are new to MQ. We are just starting to use SSL in our test environment and have a simple question. The Client doc says that you can use the MQCONNX API for specifying what's needed for SSL: namely the CipherSpec, Key Repository, and so forth. It also says that this has the highest precedence over using the channel definition table, suggesting that you don't need to use channel definition tables on the client. We tried changing our existing code (MQCONN API without SSL) to use MQCONNX with the SSL specs and got MQCONNX error code 2393 on the client and the following error in the server log:

----- amqzfubn.c : 1990 -------------------------------------------------------
11/9/2007 11:13:45 - Process(5768.20162) User(MUSR_MQADMIN) Program(amqrmppa.exe)
AMQ9639: Remote channel 'S_win2003server1' did not specify a CipherSpec.

EXPLANATION:
Remote channel 'S_win2003server1' did not specify a CipherSpec when the local channel expected one to be specified. The channel did not start.
ACTION: Change the remote channel 'S_win2003server1' to specify a CipherSpec so that both ends of the channel have matching CipherSpecs.

Before we ran the test, on the server, we did change S_win2003server1's SSL property to use SSL CipherSpec NULL_MD5 to match the MQCONNX call.

Our non-SSL testing used the MQSERVER variable to communicate with the server. Will MQCONNX work like this or do we need to change our configuration?

We would also like to know if we can have the sys admin set up the SSL without engaging our sw engineer. In other words, can our original MQCONN code work with SSL by having the sys admin set up the SSL? If so, how?


Thanks,
T
jefflowrey
Posted: Fri Nov 09, 2007 11:32 am

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

If you use MQCONNX, then your code has to fully specify every piece of the connection information.

If you use the MQ Client Channel Tables, then your code doesn't have to specify any information at all, and the MQ Administrator has full control over the communication information.
_________________
I am *not* the model of the modern major general.
mqwhelan
Posted: Fri Nov 09, 2007 12:00 pm

Newbie

Joined: 09 Nov 2007
Posts: 2
Location: Beverly

Thanks for your quick response. So, just to be sure that I completely understand, then we should be able to use the MQCONN API in our code with the MQ Client Channel Tables and have the Sys Admin control all of the SSL configuration. Is that right? I would think that this method would be preferred as it gives the control over to the Sys Admin Staff.

Thanks again,
T
PeterPotkay
Posted: Fri Nov 09, 2007 12:28 pm

Poobah

Joined: 15 May 2001
Posts: 7722

That is correct.
_________________
Peter Potkay
Keep Calm and MQ On
JosephGramig
Posted: Fri Nov 09, 2007 1:00 pm

Grand Master

Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA

Be sure to build that Client Connection Definition Table (CCDT) with the runmqsc command and not with MO72. MO72 has issues with building the SSL parts in the CCDT and support will tell you to use runmqsc (which is supported).

The author of MO72 knows of the issues and is working to fix them but he has other duties too...
_________________
Joseph
Administrator - IBM WebSphere MQ (WMQ) V6.0, IBM WebSphere Message Broker (WMB) V6.1 & V6.0
Solution Designer - WMQ V6.0
Solution Developer - WMB V6.1 & V6.0, WMQ V5.3
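
The CCDT approach confirmed in this thread, sketched as an MQSC script to feed to runmqsc on the queue manager; this is an added example, not something posted by a participant. The queue manager name QM1, the host and port, and the client-side paths are placeholders; the channel name and the NULL_MD5 CipherSpec are the ones from the original post (NULL_MD5 gives message hashing only, no encryption).

```mqsc
* Run on the server:  runmqsc QM1 < ssl_channels.mqsc
* (QM1 and the file name are placeholders)

* Server end of the channel: the SVRCONN named in the AMQ9639 message,
* with the CipherSpec the administrator wants to enforce.
ALTER CHANNEL('S_win2003server1') CHLTYPE(SVRCONN) +
      SSLCIPH(NULL_MD5)

* Client end: a CLNTCONN with the SAME name and the SAME CipherSpec.
* Defining it through runmqsc writes it into the client channel
* definition table (AMQCLCHL.TAB in the queue manager's @ipcc directory).
* CONNAME and QMNAME are placeholder values.
DEFINE CHANNEL('S_win2003server1') CHLTYPE(CLNTCONN) TRPTYPE(TCP) +
       CONNAME('mqhost.example.com(1414)') +
       QMNAME('QM1') +
       SSLCIPH(NULL_MD5) +
       REPLACE

* Check that both definitions now show the same SSLCIPH value.
DISPLAY CHANNEL('S_win2003server1') SSLCIPH

* On the client machine (Windows shell, placeholder paths), after
* copying AMQCLCHL.TAB across:
*
*   set MQSERVER=
*   set MQCHLLIB=C:\mqclient
*   set MQCHLTAB=AMQCLCHL.TAB
*   set MQSSLKEYR=C:\mqclient\ssl\key
*
* MQSERVER is cleared because it takes precedence over the CCDT and
* defines only a minimal channel with no CipherSpec, which is the
* condition AMQ9639 reports. MQSSLKEYR names the client key repository
* without the .kdb extension. The application keeps calling MQCONN.
```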