| Author |
Message
|
| MeLLoN |
 Posted: Thu Jul 26, 2012 9:18 am Post subject: CA SSL MQ 5.3 windows to 6.0 linux |
 |
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
| Hi, I'm generated in ibm key management personal request certificate and send it to CA, they sign it and return two files .crt formats. What should I do next? How to setup them in windows for mq 5.3? Please, help. |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Jul 26, 2012 9:24 am Post subject: Re: CA MQ 5.3(win) to 6.0(linux) |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| MeLLoN wrote: |
| What should I do next? |
Upgrade to WMQv7 which is the only version of WMQ you should be using.
| MeLLoN wrote: |
| How to setup them in windows for mq 5.3? |
You shouldn't. You should set them up in WMQv7.
Or use the instructions in the v5.3 documentation.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| MeLLoN |
| Posted: Thu Jul 26, 2012 6:46 pm Post subject: |
|
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
| Where could I find this instructions? I can't upgrade.. |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jul 27, 2012 12:00 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
|
| Back to top |
|
|
| MeLLoN |
| Posted: Fri Jul 27, 2012 12:36 am Post subject: |
|
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jul 27, 2012 3:03 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| MeLLoN wrote: |
| I know were google is)) |
And yet you still you couldn't find the relevant instructions.
I do hope you (or your client) have fully signed off on the risks of still using WMQv5.3, and that they can never patch the OS ever again.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jul 27, 2012 6:03 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| MeLLoN |
| Posted: Fri Jul 27, 2012 10:00 pm Post subject: |
|
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
What kind of risks?
So nobody ever do this before? Otherwise you wouldn't send me to this book.. |
|
| Back to top |
|
|
| exerk |
| Posted: Sat Jul 28, 2012 12:15 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| MeLLoN wrote: |
What kind of risks?
So nobody ever do this before? |
At my last site yes, and the consequences were dire. Couldn't upgrade WMQ because of an application dependency and the OS team applied a security patch which broke WMQ completely, never to work again. Of course we put WMQ V6.0 on, which solved the WMQ problem, but oh, wait a minute, there was an application dependency and the OS team couldn't roll out the patch without rebuilding the whole server, but there was a contractual obligation imposed by the customer to ensure the OS was secure...see where I'm going with this?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| MeLLoN |
| Posted: Sat Jul 28, 2012 1:19 am Post subject: |
|
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
| So u mean SSL security in MQ5.3 using certificates from CA doesn't work without patches, which never installs correctly? |
|
| Back to top |
|
|
| Vitor |
| Posted: Sat Jul 28, 2012 3:05 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| MeLLoN wrote: |
| So u mean SSL security in MQ5.3 using certificates from CA doesn't work without patches, which never installs correctly? |
No, I mean that the entire WMQv5.3 is out of support and has been for years. This means the next time you apply a patch or upgrade to the OS part of the base functionality (not just the SSL) may stop working and you'll have no redress or recourse to IBM.
Following the instructions given it's perfectly possible you can get the SSL working on WMQv5.3. Or not. WMQv5.3 may run for a while until (using the example my worthy associate gave) you have to apply an upgrade to the OS to allow an application to function which knocks out the queue manager.
What I and others mean is that you can't rely on WMQv5.3 working in an increasingly modernized environment, but you can rely on not getting help from IBM with any problem.
So whoever manages risk in the owning environment needs to sign off on that.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| MeLLoN |
| Posted: Sat Jul 28, 2012 5:27 am Post subject: |
|
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
| Fair enough. Ok thx, I get the point. If u running old software on old OS u mustn't install any patches and get backup.)) |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Jul 28, 2012 5:53 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| MeLLoN wrote: |
| Fair enough. Ok thx, I get the point. If u running old software on old OS u mustn't install any patches and get backup.)) |
No! You have misunderstood the replies posted here.
WMQ V5 is out of support. SSL on V5, therefore, is out of support. If V5 is working for you, and you apply maintenance (of any kind), and it breaks, it is out of support.
There are risks for staying with older software (o/s or WMQ or other), in that newer versions will likely correct problems reported on earlier versions. Add to the risk factor that vendors will/may not support you should you have problems on unsupported versions.
The benefits of newer versions include new functionality and improved throughput. In this instance case, SSL is natively and fully supported in new(er) versions of WMQ.
There are also risks for running newer versions of software, too; namely: code defects not yet discovered. But, with newer versions, you can get support from the vendor.
Do you still run Windows 95 at your shop?
In summary: whether or not to stay with older software, apply maintenance to it, or upgrade to newer software - these are decisions that you/your organization must make based on its risk-benefit analysis. And, as with any other decisions, you/your organization must live with the consequences.
Whichever decision you/your organization makes, you/your organization needs to have multiple plans:
1. how to move forward
2. how to maintain the current status
3. how to fall back
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Vitor |
| Posted: Sat Jul 28, 2012 6:42 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| MeLLoN wrote: |
| Fair enough. Ok thx, I get the point. If u running old software on old OS u mustn't install any patches and get backup.)) |
And that if the hardware fails you probably can't restore the backup onto replacement hardware because all the old drivers are incompatible & hence the system is lost.
And the hardware can't be used for anything else because modern software can't run on that old OS.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| MeLLoN |
| Posted: Sat Jul 28, 2012 9:39 am Post subject: |
|
|
Newbie
Joined: 18 Jul 2012
Posts: 7
|
|
| Back to top |
|
|
|
|
