ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » MQ SSL with single certificate

Post new topic  Reply to topic
 MQ SSL with single certificate « View previous topic :: View next topic » 
Author Message
blueman
PostPosted: Mon May 30, 2011 12:00 pm    Post subject: MQ SSL with single certificate Reply with quote

Novice

Joined: 23 May 2010
Posts: 15
Hi,

I have 3 Queue Managers in my environment, can i procure one SSL certificate and share this across 3 QM's. .I have searched for documents online and could find less info about this setup. I have read about setting the certificate to default certificate by setting up an environment variable AMQ_SSL_ALLOW_DEFAULT_CERT with value 1. This doesnt work for us.

Can some provide some info regarding this or info about how to make the certificate default cert.

http://hursleyonwmq.wordpress.com/2007/02/16/do-you-have-to-specify-an-ssl-certificate-label/

Thanks in advance

Shaan
Back to top
View user's profile Send private message
exerk
PostPosted: Mon May 30, 2011 2:23 pm    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339
Each queue manager should have its own certificate; not to do so is pretty pointless from a security context as the CN value of the certificate DN should ideally be unique, e.g. the queue manager name.

You say that setting the AMQ_SSL_ALLOW_DEFAULT_CERT variable 'failed' but you do not state which version of WMQ you are using, and whether the conditions stated HERE were met or not.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon May 30, 2011 4:52 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
exerk wrote:
Each queue manager should have its own certificate; not to do so is pretty pointless from a security context as the CN value of the certificate DN should ideally be unique, e.g. the queue manager name.



If you want less work with the certs, look at the red books where it tells you how to set up your own cert authority.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
blueman
PostPosted: Mon May 30, 2011 10:32 pm    Post subject: Reply with quote

Novice

Joined: 23 May 2010
Posts: 15
THanks for the reply,

We are using MQ version 6.0.

Regards
Shaan
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » MQ SSL with single certificate
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.