bcostacurta |
Posted: Thu May 27, 2010 10:57 am Post subject: SSL channels sdr/rcvr : exchange of public key ? |
|
|
Acolyte
Joined: 10 Dec 2009 Posts: 71 Location: Luxembourg
|
Dears,
I am currently setting up sender/receiver channels between two MQSeries servers (different sites and different companies) to exchange messages with SSL encryption.
Each MQSeries has its own CA root authority certificate and private certificate (issued by this CA) in its keyring.
What about the public keys?
Do we need to exchange the public key (not the private one, of course) and the related CA root?
So each keyring should contain:
- own CA root
- own private certificate (with key pair private/public) signed by the CA root.
- the other party's CA root
- the other party's public key
Is this correct?
If so, do we need to exchange these files manually, or does the channel protocol negotiate the public key of the other party automatically (i.e. if at least the CA root is present on the keyring)?
Thanks for your attention.
Bye,
Bruno |
|
|
 |
exerk |
Posted: Thu May 27, 2010 1:04 pm Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
The minimum requirements for each key store are:
1. A personal certificate;
2. A copy of the CA certificate that signed the above personal certificate; and
3. A copy of the CA certificate used to sign the other party's personal certificate.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
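Added example (not part of the thread and not IBM tooling): a small Python model of the three key store requirements listed in the answer above, run over two constructed inventories. The peer's personal certificate, which carries its public key, is presented during the SSL handshake, so it appears in neither store; the certificate names and labels are assumptions, and no real signature checking is done.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    label: str
    subject: str
    issuer: str
    has_private_key: bool = False  # True only for the store owner's personal certificate

def missing_requirements(store, peer_issuer):
    """Return which of the three minimum key store entries are absent."""
    missing = []
    personal = [c for c in store if c.has_private_key]
    signers = {c.subject for c in store if not c.has_private_key}
    if not personal:
        missing.append("personal certificate")
    elif not any(c.issuer in signers for c in personal):
        missing.append("CA certificate that signed the personal certificate")
    if peer_issuer not in signers:
        missing.append("CA certificate that signed the other party's certificate")
    return missing

def can_authenticate(store, presented):
    """Model of the handshake check: the peer presents its certificate and the
    local side accepts it only if the issuing CA is in the local store.
    Signature, validity and revocation checks are not modelled."""
    signers = {c.subject for c in store if not c.has_private_key}
    return presented.issuer in signers

# Constructed inventories for two queue managers, QMA and QMB (hypothetical names).
CA_A = Cert("ca-a", "CN=Company A Root CA", "CN=Company A Root CA")
CA_B = Cert("ca-b", "CN=Company B Root CA", "CN=Company B Root CA")
QMA = Cert("qma-personal", "CN=QMA", CA_A.subject, has_private_key=True)
QMB = Cert("qmb-personal", "CN=QMB", CA_B.subject, has_private_key=True)

store_a = [QMA, CA_A, CA_B]  # all three requirements met
store_b = [QMB, CA_B]        # Company A's CA certificate was never imported

if __name__ == "__main__":
    for name, store, peer in (("QMA", store_a, QMB), ("QMB", store_b, QMA)):
        print(name, "missing:", missing_requirements(store, peer.issuer) or "nothing")
        print(name, "accepts peer certificate:", can_authenticate(store, peer))
```
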
|
|
 |
bcostacurta |
Posted: Fri May 28, 2010 3:54 am Post subject: |
|
|
Acolyte
Joined: 10 Dec 2009 Posts: 71 Location: Luxembourg
|
Thanks for confirmation.
If an MQSeries server called A sends an encrypted message to B, it needs to encrypt the message with the public key of B. Correct?
So how will A obtain the public key of B?
Could it be negotiated by the two MQSeries servers when the connection is established, via a request/response between both MQSeries servers?
Thanks for your attention.
Bye,
Bruno |
|
|
 |
exerk |
Posted: Fri May 28, 2010 4:10 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Two SupportPacs: MH03 and MO04 |
|
|
 |
bcostacurta |
Posted: Tue Jun 08, 2010 12:37 am Post subject: |
|
|
Acolyte
Joined: 10 Dec 2009 Posts: 71 Location: Luxembourg
|
It works when the following requirements are fulfilled:
...
The minimum requirements for each key store are:
1. A personal certificate
2. A copy of the CA certificate that signed the above personal certificate; and
3. A copy of the CA certificate used to sign the other party's personal certificate.
...
So *I suppose from here* that the MQSeries protocols exchange public keys between the MQSeries servers, to be able to encrypt messages on the sender side to be decrypted on the receiver side.
Bye,
Bruno |
|
|
 |
|