ranjitjoseph (Novice; Joined: 09 Apr 2009; Posts: 18)
Posted: Thu Apr 09, 2009 12:42 am    Post subject: MQ ssl implementation
			  
Hi guys,

We have generated and implemented SSL on a server a month back.

Now I have to implement SSL on another server which is a replica of the previous one.

So do I need to generate a new SSL certificate, or can I implement the same certificate on this one also?

Please suggest.

It's urgent.
		
exerk (Jedi Council; Joined: 02 Nov 2006; Posts: 6339)
Posted: Thu Apr 09, 2009 1:21 am
			  
Is the queue manager name the same? If yes, you are in luck. Did you back up the contents of the ssl sub-directory, or just the certificate? If just the certificate, tough.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
		
Vitor (Grand High Poobah; Joined: 11 Nov 2005; Posts: 26093; Location: Texas, USA)
Posted: Thu Apr 09, 2009 1:34 am    Post subject: Re: MQ ssl implementation
				
   
ranjitjoseph wrote:
> Now I have to implement SSL on another server which is a replica of the previous one.

If you're rebuilding the same server, with the same queue manager name, then you can use the same certificate.

If you're building another server that hosts a queue manager with the same name then you can use the same certificate, but as you'll have 2 queue managers with the same name you'll have more problems than SSL. Unless you're using a WMQ cluster, when you'll have no problems because it will fail straight away and is unfixable.

If you're building another server, using the first as a template, with a different queue manager name then you'll need another SSL certificate with the correct name in it.
_________________
Honesty is the best policy.
Insanity is the best defence.
		
ranjitjoseph (Novice; Joined: 09 Apr 2009; Posts: 18)
Posted: Thu Apr 09, 2009 1:37 am    Post subject: MQ ssl implementation
			  
Yes, the QM name and channel names are the same.

I have backed up the contents of the sub-directory.

Will it do?
		
exerk (Jedi Council; Joined: 02 Nov 2006; Posts: 6339)
Posted: Thu Apr 09, 2009 1:48 am    Post subject: Re: MQ ssl implementation
				
   
ranjitjoseph wrote:
> Will it do?

Yes...and channel names are irrelevant, it's the queue manager name that matters.
		
ranjitjoseph (Novice; Joined: 09 Apr 2009; Posts: 18)
Posted: Thu Apr 09, 2009 1:51 am
			  
Do we need to add a CA certificate into the repository, or just back up the contents of the respective folder?
		
exerk (Jedi Council; Joined: 02 Nov 2006; Posts: 6339)
Posted: Thu Apr 09, 2009 2:14 am
			  
You wrote:

ranjitjoseph wrote:
> ...I have backed up the contents of the sub-directory...

So the key store should already contain the necessary CA certificates you added to that key store.
		
ranjitjoseph (Novice; Joined: 09 Apr 2009; Posts: 18)
Posted: Thu Apr 09, 2009 2:21 am
			  
Yes, it contains all the necessary files.

But my question is: do I need to perform any additional task other than moving the contents of the folder

/var/mqm/qmgrs/QM/ssl/

from the primary server to its replica?
		
exerk (Jedi Council; Joined: 02 Nov 2006; Posts: 6339)
Posted: Thu Apr 09, 2009 2:26 am
			  
Only those tasks that you would do normally... and I'm not going to give you one of these [emoticon] and tell you, you should know, or [emoticon] to find out.
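
The checks this thread implies, as an added example that is not code from the thread or its posters: the copied key repository must be complete and closed to other users, and the certificate label must correspond to the replica's queue manager name. Assumptions not stated in the thread: a CMS key database with stem `key`, and the label convention `ibmwebspheremq` plus the queue manager name in lower case used by WebSphere MQ of this era; the function names and the sample listing are constructed.

```sh
#!/bin/sh
# Added example: checks for a key repository copied to a replica server.
# Assumptions: CMS key database stem "key"; certificate label convention
# ibmwebspheremq<queue manager name in lower case>.

# Label the queue manager looks for in its key repository.
expected_label() {
    printf 'ibmwebspheremq%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Fail if the key database or its stash file is missing, empty, or
# accessible to "other": key.kdb holds the private key and key.sth the
# stashed password that opens it. (key.rdb and key.crl travel with them.)
check_keyrepo() {
    dir=$1
    for f in key.kdb key.sth; do
        p="$dir/$f"
        [ -s "$p" ] || { echo "missing or empty: $p"; return 1; }
        if [ -n "$(find "$p" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "accessible to other users: $p"; return 2
        fi
    done
    return 0
}

# Succeed only if the certificate listing on stdin contains a line that
# is exactly the expected label (surrounding blanks ignored).
label_present() {
    want=$(expected_label "$1")
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq -- "$want"
}

# Constructed demo data; run with: sh check_keyrepo.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    for f in key.kdb key.sth; do echo x > "$d/$f"; chmod 640 "$d/$f"; done
    check_keyrepo "$d" && echo "repository files OK"
    printf '  ibmwebspheremqqm1\n  Example Root CA\n' | label_present QM1 \
        && echo "QM1 finds its certificate"
    printf '  ibmwebspheremqqm1\n' | label_present QM2 \
        || echo "QM2 needs a certificate of its own"
fi
```

Feed `label_present` the certificate listing produced by your key management tool for the copied `key.kdb`; the exact layout of that listing varies by version, so the match is on a whole trimmed line.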
		
		