| Author |
Message
|
| velocity |
 Posted: Thu Apr 10, 2008 8:31 am Post subject: SSL help |
 |
|
Centurion
Joined: 30 Nov 2007
Posts: 126
|
Hi guys!!!
I have CA root cert installed in a QMs key repository. I am trying to secure the channels through SSL. The remote QM has CA root cert, intermediate cert and personal certificate. I think this is the reason why we are not able to do a handshake!
Can you tell me what do i need to do to the remote QM for ssl handshake to take place? Should I remove its intermediate and personal certs, so that both the QMs have onle the CA root certs. Can I get rid of the intermediate and personal certs on the remote QM??
I believe I have only CA root cert and not the intermediate and personal cert.
Pls help when you get chance!
Velocity |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Thu Apr 10, 2008 8:43 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Follow the steps in the InfoCenter.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| marcin.kasinski |
| Posted: Thu Apr 10, 2008 8:53 am Post subject: |
|
|
Sentinel
Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw
|
| jefflowrey wrote: |
| Follow the steps in the InfoCenter. |
Then you can check MQ logs.
Are you private certs signed by CA from your keystore ?
_________________
Marcin |
|
| Back to top |
|
|
| velocity |
| Posted: Thu Apr 10, 2008 9:34 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007
Posts: 126
|
I have CA root cert installed in the KEY repository.
The remote QM has a series of certs.
My only question is I want to use only CA root cert and nothing else and if I remove all the certs from the Remote QM and just keep the CA root cert..will this be acceptable?
do I need to install both the certs in each others repositories?? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Apr 10, 2008 9:39 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
What security do you think you will achieve if you only use the CA?
What do you think the role of the personal cert is?
What problem are you trying to resolve by this configuration?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| marcin.kasinski |
| Posted: Thu Apr 10, 2008 9:43 am Post subject: |
|
|
Sentinel
Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw
|
| velocity wrote: |
My only question is I want to use only CA root cert and nothing else and if I remove all the certs from the Remote QM and just keep the CA root cert..will this be acceptable? |
Have you tested it ?
Have you checked qmgr logs ?
In you qmgr keystore (local or remote) you have to install personal certificate and at least one CA.
_________________
Marcin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Apr 10, 2008 9:46 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Here is one of those opportunities to point you to the WMQ Security manual which gives you a step-by-step procedure for implementing SSL. The manual also explains, albeit briefly, the function of certs.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Apr 10, 2008 9:53 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
|
| Back to top |
|
|
| velocity |
| Posted: Thu Apr 10, 2008 10:20 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007
Posts: 126
|
| Thanks a LOT!! Jefflowry!! I got it NOW! |
|
| Back to top |
|
|
|
|
