Caching of SSL Certificates
gfrench
Posted: Thu Mar 13, 2008 6:03 am    Post subject: Caching of SSL Certificates

Acolyte

Joined: 10 Feb 2002
Posts: 71

I'm using MQ 6.0.0, XP, and SSL test certificates from verisign (rather than self signed). I've got SDR/RCVR channels working and all is fine.

When I remove a certificate from the key database, the channel continues to work.

When I refresh security type(ssl) the channel continues to work

When I restart the queue manager the channel continues to work!

When I reboot the machine the channel finally fails and goes into retrying.

I add the certificate in and it starts working again.

Does this mean the SSL certificates are cached in the XP somewhere? Just seems a little strange that I have to go to such levels to break the channel after removing the certificate. Anyone any ideas?
bruce2359
Posted: Thu Mar 13, 2008 7:18 am

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

SSL handshake occurs when the channels attach (start).
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
gfrench
Posted: Thu Mar 13, 2008 10:57 am

Acolyte

Joined: 10 Feb 2002
Posts: 71

I know when the handshake takes place. I am interested in why it works when I've removed a certificate at one end!
bruce2359
Posted: Thu Mar 13, 2008 11:02 am

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

Quote:
I am interested in why it works when I've removed a certificate at one end!


Because, for a running channel, the handshake has already taken place. Most/many channel attributes don't take effect until the channel is stopped and restarted.
gfrench
Posted: Fri Mar 14, 2008 1:32 am

Acolyte

Joined: 10 Feb 2002
Posts: 71

The disconnect interval is set to 10 seconds so when I say the channel continues to work, I meant, the channel triggers, initialises and starts sending messages.

I've got SSLCAUTH=Required on receiver of sdr/rcvr pair

I delete either the receiver's or sender's personal certificate and the channel still starts up and sends messages. I refresh security and the channel still starts and sends msgs. I restart the queue manager and it still continues to start and send msgs. The only way I can get an error is when I reboot the Windows environment and then the channel goes into retrying and fails with an SSL error.

Is Windows caching the certificates? I can't think of any other logical explanation.
bruce2359
Posted: Fri Mar 14, 2008 6:39 am

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

Most/many channel attributes don't take effect until the channel is stopped and restarted.

Stopped means the channel goes into STOPPED state. Disconnect interval causes the channel to go into INACTIVE state, which is not stopped.
PeterPotkay
Posted: Fri Mar 14, 2008 9:21 am

Poobah

Joined: 15 May 2001
Posts: 7722

I don't know about that Bruce. Every channel def I ever changed got picked up when the channel restarted, even out of just Inactive. Certainly a QM restarting would be enough to pick up any changes but gfrench seems to have a situation where this is not the case. I don't know if this is by design or a bug. Seems like a bug to me.
_________________
Peter Potkay
Keep Calm and MQ On
bruce2359
Posted: Fri Mar 14, 2008 11:57 am

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

I stand corrected.