Posted: Mon Sep 20, 2010 3:16 am Post subject: clientAuth SSL SVRCONN for M071
Knight
Joined: 27 Oct 2003 Posts: 561
I am attempting client authenticated SSL SVRCONN for MQMon, getting 2393 on connection attempt. In reply to a previous post I received this advice:
Quote:
Just select SSL Cipher Spec from the drop-down box and SSL PEER and SSL REPOSITORY both magically appear. For difficulties in getting SSL PEER to match the certificate's distinguished name it is suggested that SSL PEER can be configured with %CNname%*
I am trying this config without a CCT using the M071 GUI configuration. When I try echo %CNname% I find that this variable is not set, and of course setting SSL PEER to the recommended value %CNname%* does not work. However, setting SSL PEER to the full string does not work either. I am fairly certain that the SSL PEER setting is the cause of the 2393 (because I can connect M071 on a similarly configured SSL SVRCONN which is not client auth). To solve this problem, how should I set SSL PEER in the M071 config?
You have to be careful with the SSLPEER part.
Start slow and build. Typically the multiple OU values might need to be in reverse order compared to the cert....
My advice, try it first without SSLPEER, and then add in the SSLPEER values one by one. But remember that you add in the ones that need to be checked on the counterpart... So on the client side (MO71) the Peer values of the server cert; on the MQServer (svrconn chl) the Peer values of the client cert.
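A small diagnostic for the one-term-at-a-time approach suggested above, added here as an example and not part of the original thread or of any MQ tooling: it reports which term of a candidate SSLPEER filter fails against a certificate DN. The matching rules are this example's simplified assumptions (named attributes in any order, OU terms compared position by position, a leading or trailing `*` wildcard, case-insensitive values, no escaped commas), and the DN and filters are constructed sample values.

```python
# Simplified model of SSLPEER-style DN filtering; NOT the queue manager's own matcher.

CERT_DN = "CN=mo71client,OU=Ops,OU=Middleware,O=Example,C=US"  # constructed sample DN


def parse_dn(dn):
    """Split 'CN=a,OU=b,O=c' into ordered (TYPE, value) pairs (no escaped commas)."""
    pairs = []
    for part in dn.split(","):
        key, _, value = part.partition("=")
        pairs.append((key.strip().upper(), value.strip()))
    return pairs


def value_matches(pattern, value):
    """Exact match, or a single '*' wildcard at the start or end of the pattern."""
    p, v = pattern.lower(), value.lower()
    if p == "*":
        return True
    if p.endswith("*"):
        return v.startswith(p[:-1])
    if p.startswith("*"):
        return v.endswith(p[1:])
    return p == v


def explain(peer, cert_dn):
    """Return [(filter_term, matched)] so the failing term is visible."""
    cert = parse_dn(cert_dn)
    cert_ous = [v for k, v in cert if k == "OU"]
    results, ou_index = [], 0
    for key, pattern in parse_dn(peer):
        if key == "OU":  # assumption: OUs are order-sensitive, compared by position
            ok = ou_index < len(cert_ous) and value_matches(pattern, cert_ous[ou_index])
            ou_index += 1
        else:  # assumption: other attributes may appear in any order
            ok = any(k == key and value_matches(pattern, v) for k, v in cert)
        results.append((f"{key}={pattern}", ok))
    return results


def peer_accepts(peer, cert_dn):
    return all(ok for _, ok in explain(peer, cert_dn))


if __name__ == "__main__":
    # Build the filter up one term at a time; the last candidate swaps the OU order.
    for peer in ("CN=mo71*", "CN=mo71*,O=Example",
                 "CN=mo71*,OU=Ops,OU=Middleware,O=Example",
                 "CN=mo71*,OU=Middleware,OU=Ops,O=Example"):
        print(peer_accepts(peer, CERT_DN), explain(peer, CERT_DN))
```

Run it with the subject DN of the counterpart's certificate: the server certificate when checking the client-side SSL PEER value, the client certificate when checking the SVRCONN channel's value.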