ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » SSL Related question on Message Broker V6.1

Post new topic  Reply to topic
 SSL Related question on Message Broker V6.1 « View previous topic :: View next topic » 
Author Message
Rahul999
PostPosted: Thu Jun 17, 2010 7:38 am    Post subject: SSL Related question on Message Broker V6.1 Reply with quote

Centurion

Joined: 14 Mar 2007
Posts: 134

Hello All,
its not an urgent problem but it is something we are planning to implement in future.
need advice from all the experienced people present on the forum.

We are running Message Broker V6.1 on AIX server, right now we are having a flow which is acting as webservice using SOAP nodes, now once the requests are inside this flow, we are calling another seperate flow(via HTTP Call) to perform some operation on this request. Now, this flow also running on the same execution group with HTTP Input node as the first node so that it can receive HTTP Requests.

Now, here are more details and then my questions.

SOAP port is accepting request on port 7800(which is an execution grp level property), lets call it "Webservice" Flow

HTTP Port which is getting HTTP calls from Webservice flow is getting requests on port 7080 which is default for a broker on V6.1

Now, moving forward to UAT environment, we want to enable SSL to prevent unauthorized access to both our HTTP ports and SOAP ports.

Now, as SOAP port is directly accepting the requests from front end application, we need to enable SSL for this port at execution grp level, that would not be a problem as we will share our certificates with Front end and they will also do the same.

Now, as HTTP port is also open , we need to enable SSL on this as well, but it doesnt have direct connection with the front end so we are not sure how exactly we should handle the authentication, we can put SSL on this, but then how the SSL authentication will worker in between the same broker when Webservice flow will make call to this HTTP node ?

and how we are going to share the certificate within a broker itself where broker itself is making calls to its own listener.

Does anyone have any suggestions, please share with us.

Thanks
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Rahul999
PostPosted: Fri Jun 18, 2010 9:30 pm    Post subject: Reply with quote

Centurion

Joined: 14 Mar 2007
Posts: 134

Quote:
its not an urgent problem but it is something we are planning to implement in future.
need advice from all the experienced people present on the forum.


when i mentioned it is not an urgent problem, I never thought that nobody would reply well, its might not be a urgent problem but it is a very practical problem which we are going to face in the coming days. want to gather as much info as possible.

Thanks.
_________________
"For all your days be prepared, and meet them ever alike.
When you are the anvil, bear - when you are the hammer, strike."
- Edwin Markham
Back to top
View user's profile Send private message Send e-mail Visit poster's website
smdavies99
PostPosted: Fri Jun 18, 2010 10:39 pm    Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.

If it is that urgent then your best plan is to raise a PMR.

The people who reply on this forum do so mostly out of the kindness of their hearts. If you want official support then you are paying IBM for it so why not use it?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
Rahul999
PostPosted: Tue Jun 22, 2010 3:24 am    Post subject: Reply with quote

Centurion

Joined: 14 Mar 2007
Posts: 134

Sorry for bringing this issue again, but can anyone guide me how we are going to enable the connection between SOAP HTTPSConnector of an execution group(port -7800) and Broker HTTPS port.(7081)

although execution group belongs to the mentioned BROKER only but both the port is SSL enabled so do we need to do something special to make the connection work between them?

Please comments/guides.
Cheers.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
mqjeff
PostPosted: Tue Jun 22, 2010 4:27 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

You can't "connect" the SOAP Listener to the HTTP Listener ports directly... ?

You can use HTTPRequest and SOAPRequest nodes to call either one from a message flow. You can call either one from any device that can see the network address.

You can enable either or both to use SSL and enable them to either use the same or a different key store - both for signer certs and for personal certs.

You can't assign them to the same port #, as they are different processes and so *can not* share the same unique port/address setting. Just like you can't start two email servers using port 21 on the same ip address or two *anythings* using the same unique port/address setting.
Back to top
View user's profile Send private message
Rahul999
PostPosted: Tue Jun 22, 2010 5:46 pm    Post subject: Reply with quote

Centurion

Joined: 14 Mar 2007
Posts: 134

Quote:
You can enable either or both to use SSL and enable them to either use the same or a different key store - both for signer certs and for personal certs.


Yes, we had some issue with the above , Keystore/Certs entry was not proper. Repeated the steps again and now it is working fine.

Regards,
_________________
"For all your days be prepared, and meet them ever alike.
When you are the anvil, bear - when you are the hammer, strike."
- Edwin Markham
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » SSL Related question on Message Broker V6.1
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.