Author |
Message
|
velocity |
Posted: Tue Mar 11, 2008 10:41 am Post subject: Securing channels through SSL |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Hi guys!
I need to secure the channels between two queue managers- QM1 & QM2.
Both queue managers have certificates installed.
Here is my question:
Do I just need to do:
ALTER CHANNEL and change the channel attributes like SSLPEER, SSLCIPH & SSLCAUTH?? Is this the only step left to perform???
Of course, the next step will be to restart the channels to confirm that SSL handshake is successful.
Let me know if I am missing anything in between.
Thanks a Lot!! |
|
Back to top |
|
 |
marcin.kasinski |
Posted: Tue Mar 11, 2008 11:32 am Post subject: Re: Securing channels through SSL |
|
|
Sentinel
Joined: 21 Dec 2004 Posts: 850 Location: Poland / Warsaw
|
Have you tested it ?
If you have all certificates installed it should work. _________________ Marcin |
|
Back to top |
|
 |
velocity |
Posted: Tue Mar 11, 2008 11:43 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Nope! I havent tested it yet....because I have to alter the channels to get SSL handshake done! That is my question! |
|
Back to top |
|
 |
jefflowrey |
Posted: Tue Mar 11, 2008 11:57 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
We don't know what steps you've missed.
We don't know what steps you've performed.
All of the steps that you need to perform, and the order you need to perform them in, are clearly documented in the Security manual. _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
bruce2359 |
Posted: Tue Mar 11, 2008 2:24 pm Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9470 Location: US: west coast, almost. Otherwise, enroute.
|
It sounds like you need to create a test qmgr, and test all this.
And, all this is well documented in the MQ Security manual. Use of iKeyman utility is well documented in the iKeyman user's guide. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Back to top |
|
 |
velocity |
Posted: Tue Mar 11, 2008 7:47 pm Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
OOPS!!! Forgot to tell you guys!! ikeyman wont work!! I am working on
z/OS. I will still go ahead with Jefflowrys suggestion and let you guys know of any issues!
Thanks all! |
|
Back to top |
|
 |
bruce2359 |
Posted: Wed Mar 12, 2008 6:29 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9470 Location: US: west coast, almost. Otherwise, enroute.
|
Quote: |
I am working on z/OS. |
On MQ for mainframe RACF (or equivalent) manages certificates. Again, refer to the MQ Security manual for procedures to enable SSL channels. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Back to top |
|
 |
|