| Author |
Message
|
| RouteMe |
 Posted: Mon May 21, 2012 8:05 am Post subject: Secure Message Broker ToolKit v7 |
 |
|
Novice
Joined: 03 Dec 2009
Posts: 16
|
Created a self signed cert in key.kdb file and added the public key to .jks file on my desktop.
Created a self signed cert in .jks file(desktop) and added the public key in key.kdb file
SSLCAUTH is set to REQUIRED
i am able to connect to the Qmgr and Broker in AIX using this jks file with Broker Explorer from my desktop
But when i am trying to connect to the same broker from Broker Toolkit using this same .jks file, server connection channel and desktop
i get this error
Key store format error or invalid parameters passed (for example, wrong password)
Check that,
1. The broker is running.
2. The TCP/IP port of the queue manager is active if it is remote.
Below are what i tried while troubleshooting but didnt help
-Copied the jks file to different location since Broker explorer is also using the same file
-Passed this argument in toolkit Properties Target location to set the password
-vmargs -Djavax.net.ssl.keyStorePassword=mypwd
Any suggestions on what might have went wrong |
|
| Back to top |
|
 |
| RouteMe |
| Posted: Mon May 21, 2012 9:44 am Post subject: |
|
|
Novice
Joined: 03 Dec 2009
Posts: 16
|
forgot to mention
i dont see any errors in the Qmgr logs |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon May 21, 2012 6:26 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
what is your input for keystore, what is your input for trustore?
what is your key size?
Is your CipherSuite using SSL_FIPS?
Full version of your toolkit?
Sounds vaguely familiar as if you are missing a patch on the toolkit... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RouteMe |
| Posted: Mon May 21, 2012 7:01 pm Post subject: |
|
|
Novice
Joined: 03 Dec 2009
Posts: 16
|
WMB Toolkit - 7.0.0
MB Explorer - 7.0
Key size - 1024
Cipher Suite - SSL_RSA_WITH_3DES_EDE_CBC_SHA
Cipher Spec in Qmgr - TRIPLE_DES_SHA_US
Input for Keystore - C:\Program Files\IBM\WebSphere MQ\certs.jks
Input for Trustore - C:\Program Files\IBM\WebSphere MQ\certs.jks |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Mon May 21, 2012 10:24 pm Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| RouteMe wrote: |
WMB Toolkit - 7.0.0
MB Explorer - 7.0
|
Broker Toolkit versions are in the form n.n.n.n
for example
| Code: |
Version: 7.0.0.1
Build id: 7.0.0.1-20100630_0750
|
If you are truly running on unpatched WMQ and broker then may I humbly suggest that you apply some fixpacks and try again. OR at least look at the patched included in the different fixpacks to see if there is one that is relevant to your problems.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue May 22, 2012 5:03 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| RouteMe wrote: |
WMB Toolkit - 7.0.0
MB Explorer - 7.0
Key size - 1024
Cipher Suite - SSL_RSA_WITH_3DES_EDE_CBC_SHA
Cipher Spec in Qmgr - TRIPLE_DES_SHA_US
Input for Keystore - C:\Program Files\IBM\WebSphere MQ\certs.jks
Input for Trustore - C:\Program Files\IBM\WebSphere MQ\certs.jks |
With this ciphersuite you need a key that has at least 2048 in size. You also need ssl FIPS turned on. and you need the APAR for connecting with SSL FIPS. ( open a PMR). And it looks like your cipher suite might not match your cipherspec but I'd have to check that... I was trying the corresponding TLS cipher spec...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RouteMe |
| Posted: Tue May 22, 2012 5:51 am Post subject: |
|
|
Novice
Joined: 03 Dec 2009
Posts: 16
|
smdavies99
Thank You for your humble request..installing the fix pack worked
fjb_saper
Thanks for your advice regarding the key size.
I am sure that Cipher suite matches Cipher Spec.
why do i need FIPS ? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue May 22, 2012 5:56 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Which fixpack?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| RouteMe |
| Posted: Tue May 22, 2012 6:26 am Post subject: |
|
|
Novice
Joined: 03 Dec 2009
Posts: 16
|
| Installed Broker Toolkit fix pack 4 |
|
| Back to top |
|
|
| RouteMe |
| Posted: Tue May 22, 2012 6:27 am Post subject: |
|
|
Novice
Joined: 03 Dec 2009
Posts: 16
|
| upgraded to Broker Toolkit v7.0.0.4 |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue May 22, 2012 1:46 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| RouteMe wrote: |
smdavies99
Thank You for your humble request..installing the fix pack worked
fjb_saper
Thanks for your advice regarding the key size.
I am sure that Cipher suite matches Cipher Spec.
why do i need FIPS ? |
FIPS => government standard for secure communications...
You do not need it, but you might want to use it...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
