| Author |
Message
|
| zpat |
 Posted: Thu Oct 07, 2010 8:18 am Post subject: WMB 6.1 keystore and truststore |
 |
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
I am trying to debug a message flow which uses the SoapRequest node.
The other end (web service provider) has sent me a certificate to use.
The other end is verifiying us (we are not verifiying them) with this cert.
Do I put this cert in the broker keystore or truststore?
Can someone explain the difference and which SoapRequest will use in this case?
Thanks |
|
| Back to top |
|
 |
| napier |
| Posted: Thu Oct 07, 2010 8:19 am Post subject: |
|
|
Apprentice
Joined: 09 Oct 2007
Posts: 48
Location: USA
|
| You need to put this in Keystore file |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Oct 07, 2010 11:50 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
|
| Back to top |
|
|
| crossland |
| Posted: Fri Oct 08, 2010 12:53 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
The presentation sounds correct to me as when you issue the SOAP request, you are the client and need to verify the server certificate and truststores contain certificates for the signers that are trusted in the environment where the truststore is used.
Further information on getting SSL diagnostic information can be found here:
http://www.inspirotechnic.com/index.php?page=wmb-ssl-diagnostic-info |
|
| Back to top |
|
|
| zpat |
| Posted: Fri Oct 08, 2010 1:54 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| Can the Keystore and the Truststore refer to the same JKS file? |
|
| Back to top |
|
|
| crossland |
| Posted: Fri Oct 08, 2010 2:19 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
|
| Back to top |
|
|
| zpat |
| Posted: Fri Oct 08, 2010 7:31 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
OK, makes sense.
I assume that MQ and WMB can't share a keystore as they use different types of keystore? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Oct 08, 2010 7:34 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
The type of keystore has nothing to do with the contents of the keystore.
If you wish to assert the same logical identity from your Broker as you do from your queue manager, then you can put the same certificate in both keystores.
It is of questionable value to assert that your broker is the same logical entity as it's queue manager. |
|
| Back to top |
|
|
| napier |
| Posted: Fri Oct 08, 2010 7:59 am Post subject: |
|
|
Apprentice
Joined: 09 Oct 2007
Posts: 48
Location: USA
|
|
| Back to top |
|
|
|
|
