fd |
Posted: Fri Jun 24, 2011 9:05 am Post subject: AS/400 SSL |
|
|
Newbie
Joined: 24 Jun 2011 Posts: 4
|
I need to establish an SSL connection between 2 Qmgr on OS/400
A firewall (limited to listening port & outgoing port range) and MQIPT (SSL proxy mode) sit between these 2 Qmgr
Local CA is used & server certs created
Cipher is set on the channels
However, the SSL cannot be established. Are there any other steps to be performed or ports to be opened? |
 |
bruce2359 |
Posted: Fri Jun 24, 2011 10:07 am Post subject: Re: AS/400 SSL |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
fd wrote: |
However, the SSL cannot be established. |
Really? What evidence leads you to believe this? Are there any error messages that you can share with us?
What problem-determination steps have you performed so far? What were the results?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
 |
fd |
Posted: Fri Jun 24, 2011 10:54 am Post subject: |
|
|
Newbie
Joined: 24 Jun 2011 Posts: 4
|
The conn can be established without the SSL settings.
A similar setup is also done on Windows (without FW) |
 |
bruce2359 |
Posted: Fri Jun 24, 2011 10:59 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
ok, but what did you discover from looking at the error logs?
"It doesn't work" is not a technical problem description. |
 |
bruce2359 |
Posted: Fri Jun 24, 2011 11:07 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
There is a SupportPac downloadable from IBM that does SSL configuration checking. |
 |
fd |
Posted: Fri Jun 24, 2011 11:09 am Post subject: |
|
|
Newbie
Joined: 24 Jun 2011 Posts: 4
|
I do not have easy access to / have enough knowledge to troubleshoot MQ on OS/400. Would really appreciate it if some pointers can be given.
Direct manipulation of FW is off limits as well |
 |
fjb_saper |
Posted: Fri Jun 24, 2011 11:25 am Post subject: Re: AS/400 SSL |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
fd wrote: |
I need to establish an SSL connection between 2 Qmgr on OS/400
A firewall (limited to listening port & outgoing port range) and MQIPT (SSL proxy mode) sit between these 2 Qmgr
Local CA is used & server certs created
Cipher is set on the channels
However, the SSL cannot be established. Are there any other steps to be performed or ports to be opened? |
So make things easy for you and make your setup:
MQServer <-> MQIPT <-> MQIPT <-> MQServer
No need for SSL on the qmgrs, MQIPT can handle it all.
_________________
MQ & Broker admin |
 |
fd |
Posted: Fri Jun 24, 2011 12:00 pm Post subject: |
|
|
Newbie
Joined: 24 Jun 2011 Posts: 4
|
I am afraid that config is not feasible as 1 of the MQ is from an external party.
Take it as a requirement..... |
 |
bruce2359 |
Posted: Fri Jun 24, 2011 12:33 pm Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
fd wrote: |
I do not have easy access to / have enough knowledge to troubleshoot MQ on OS/400. Would really appreciate it if some pointers can be given.
Direct manipulation of FW is off limits as well |
Do you know MQ? Do you have enough knowledge to troubleshoot MQ on another platform?
Do you know how to use iSeries hardware/software? |
 |
fjb_saper |
Posted: Fri Jun 24, 2011 12:36 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
fd wrote: |
I am afraid that config is not feasible as 1 of the MQ is from an external party.
Take it as a requirement..... |
Well, you did not specify, and my assumption is that the MQIPT is on the external party... So create an MQIPT at your site and connect it to the MQIPT on the foreign site... |
 |
|