|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
 |
|
SSL Related question on Message Broker V6.1 |
« View previous topic :: View next topic » |
Author |
Message
|
Rahul999 |
Posted: Thu Jun 17, 2010 7:38 am Post subject: SSL Related question on Message Broker V6.1 |
|
|
 Centurion
Joined: 14 Mar 2007 Posts: 134
|
Hello All,
its not an urgent problem but it is something we are planning to implement in future.
need advice from all the experienced people present on the forum.
We are running Message Broker V6.1 on AIX server, right now we are having a flow which is acting as webservice using SOAP nodes, now once the requests are inside this flow, we are calling another seperate flow(via HTTP Call) to perform some operation on this request. Now, this flow also running on the same execution group with HTTP Input node as the first node so that it can receive HTTP Requests.
Now, here are more details and then my questions.
SOAP port is accepting request on port 7800(which is an execution grp level property), lets call it "Webservice" Flow
HTTP Port which is getting HTTP calls from Webservice flow is getting requests on port 7080 which is default for a broker on V6.1
Now, moving forward to UAT environment, we want to enable SSL to prevent unauthorized access to both our HTTP ports and SOAP ports.
Now, as SOAP port is directly accepting the requests from front end application, we need to enable SSL for this port at execution grp level, that would not be a problem as we will share our certificates with Front end and they will also do the same.
Now, as HTTP port is also open , we need to enable SSL on this as well, but it doesnt have direct connection with the front end so we are not sure how exactly we should handle the authentication, we can put SSL on this, but then how the SSL authentication will worker in between the same broker when Webservice flow will make call to this HTTP node ?
and how we are going to share the certificate within a broker itself where broker itself is making calls to its own listener.
Does anyone have any suggestions, please share with us.
Thanks |
|
Back to top |
|
 |
Rahul999 |
Posted: Fri Jun 18, 2010 9:30 pm Post subject: |
|
|
 Centurion
Joined: 14 Mar 2007 Posts: 134
|
Quote: |
its not an urgent problem but it is something we are planning to implement in future.
need advice from all the experienced people present on the forum. |
when i mentioned it is not an urgent problem, I never thought that nobody would reply well, its might not be a urgent problem but it is a very practical problem which we are going to face in the coming days. want to gather as much info as possible.
Thanks. _________________ "For all your days be prepared, and meet them ever alike.
When you are the anvil, bear - when you are the hammer, strike."
- Edwin Markham |
|
Back to top |
|
 |
smdavies99 |
Posted: Fri Jun 18, 2010 10:39 pm Post subject: |
|
|
 Jedi Council
Joined: 10 Feb 2003 Posts: 6076 Location: Somewhere over the Rainbow this side of Never-never land.
|
If it is that urgent then your best plan is to raise a PMR.
The people who reply on this forum do so mostly out of the kindness of their hearts. If you want official support then you are paying IBM for it so why not use it? _________________ WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
Back to top |
|
 |
Rahul999 |
Posted: Tue Jun 22, 2010 3:24 am Post subject: |
|
|
 Centurion
Joined: 14 Mar 2007 Posts: 134
|
Sorry for bringing this issue again, but can anyone guide me how we are going to enable the connection between SOAP HTTPSConnector of an execution group(port -7800) and Broker HTTPS port.(7081)
although execution group belongs to the mentioned BROKER only but both the port is SSL enabled so do we need to do something special to make the connection work between them?
Please comments/guides.
Cheers. |
|
Back to top |
|
 |
mqjeff |
Posted: Tue Jun 22, 2010 4:27 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
You can't "connect" the SOAP Listener to the HTTP Listener ports directly... ?
You can use HTTPRequest and SOAPRequest nodes to call either one from a message flow. You can call either one from any device that can see the network address.
You can enable either or both to use SSL and enable them to either use the same or a different key store - both for signer certs and for personal certs.
You can't assign them to the same port #, as they are different processes and so *can not* share the same unique port/address setting. Just like you can't start two email servers using port 21 on the same ip address or two *anythings* using the same unique port/address setting. |
|
Back to top |
|
 |
Rahul999 |
Posted: Tue Jun 22, 2010 5:46 pm Post subject: |
|
|
 Centurion
Joined: 14 Mar 2007 Posts: 134
|
Quote: |
You can enable either or both to use SSL and enable them to either use the same or a different key store - both for signer certs and for personal certs. |
Yes, we had some issue with the above , Keystore/Certs entry was not proper. Repeated the steps again and now it is working fine.
Regards, _________________ "For all your days be prepared, and meet them ever alike.
When you are the anvil, bear - when you are the hammer, strike."
- Edwin Markham |
|
Back to top |
|
 |
|
|
 |
|
Page 1 of 1 |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|
|
|