| Author |
Message
|
| J.D |
 Posted: Tue Jul 13, 2010 11:09 am Post subject: Client Certificate |
 |
|
Voyager
Joined: 18 Dec 2009
Posts: 92
Location: United States
|
Hi,
We are trying to implement one way authentication using SSL between MQ Client and Server. We have our own PKI and security team installed Certs on all the Client machines. Does the SSL work without specifying key repository, taking the certificate from Windows standard location?
Clients and Servers are on Windows 2003.
MQ Version 6.0.2.5
Clients using C++ code
Thank You!!!
_________________
IBM WebSphere MQ & WAS Administrator |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Jul 13, 2010 11:17 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Have you read the WMQ Security manual? Have you read up on SSL and keys? Have you searched google? Have you searched the InfoCenter?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| dirkwirtz |
| Posted: Thu Jul 15, 2010 3:02 am Post subject: |
|
|
Newbie
Joined: 15 Jul 2010
Posts: 1
|
Hi!
It's not described on any manual.
I've the same question.
Is it possible to get access with the MQC to the WIN internal cert store?
Normal way is to use the MQSSLKEYR environment variable.
@bruce: whats your meaning where it is described??
Many greets, Dirk |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jul 15, 2010 7:47 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
|
| Back to top |
|
|
| J.D |
| Posted: Thu Jul 15, 2010 12:51 pm Post subject: |
|
|
Voyager
Joined: 18 Dec 2009
Posts: 92
Location: United States
|
I'm sure that for non-java clients .kdb file has to be used to store CA Trust certificates and it is also mentioned in the manual as below:
"For a WebSphere MQ client, there is no default path or stem name. Choose a key database file to which you can restrict access. The extension must be .kdb"
But the problem here is i need to convince application folks that windows default location for certificates doesn't work with MQ Client.
_________________
IBM WebSphere MQ & WAS Administrator |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Jul 15, 2010 1:00 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| J.D wrote: |
I'm sure that for non-java clients .kdb file has to be used to store CA Trust certificates and it is also mentioned in the manual as below:
"For a WebSphere MQ client, there is no default path or stem name. Choose a key database file to which you can restrict access. The extension must be .kdb"
But the problem here is i need to convince application folks that windows default location for certificates doesn't work with MQ Client. |
How is it a problem to convince this of them?
The documentation says it won't work. Show them the documentation. |
|
| Back to top |
|
|
|
|
