| Author |
Message
|
| Ayhamov |
 Posted: Thu Nov 22, 2012 5:26 am Post subject: Configure Queue Manager with SSL (Unix and Windows) |
 |
|
Novice
Joined: 17 Apr 2008
Posts: 13
|
Hello everyone,
I have 2 queue managers, one on UNIX (Sender), and the other on Windows (Receiver).
I have generated the keys on the IBM Key Management on the Windows Server, and placed the 4 files (key.sth, key.crl, key.kdb, and key.rdb) inside the ssl folder in both Unix and Windows sides.
I'm trying to Ping from the sender channel to receiver channel and getting this error AMQ4058 Connection closed.
Please advise.
Thanks |
|
| Back to top |
|
 |
| md7 |
| Posted: Thu Nov 22, 2012 7:36 pm Post subject: |
|
|
Apprentice
Joined: 29 Feb 2012
Posts: 49
Location: Sydney.AU
|
| What are you trying to do? Enabling SSL on channels? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Nov 22, 2012 8:19 pm Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Ayhamov wrote: |
I'm trying to Ping from the sender channel to receiver channel and getting this error AMQ4058 Connection closed.
|
Do you mean the MQSC PING? Was the MQSC PING successful BEFORE you added SSL to the channels?
Can you successfully do a tcp/ip ping?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Ayhamov |
| Posted: Sat Nov 24, 2012 10:17 pm Post subject: |
|
|
Novice
Joined: 17 Apr 2008
Posts: 13
|
| md7 wrote: |
| What are you trying to do? Enabling SSL on channels? |
Yes, I want all messages exchanged between the queue managers encrypted. |
|
| Back to top |
|
|
| Ayhamov |
| Posted: Sat Nov 24, 2012 10:18 pm Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Novice
Joined: 17 Apr 2008
Posts: 13
|
| bruce2359 wrote: |
| Ayhamov wrote: |
I'm trying to Ping from the sender channel to receiver channel and getting this error AMQ4058 Connection closed.
|
Do you mean the MQSC PING? Was the MQSC PING successful BEFORE you added SSL to the channels?
Can you successfully do a tcp/ip ping? |
Yes, before adding the SSL on the channel, the MQSC works. But after adding it, I get connection closed error.
Thanks |
|
| Back to top |
|
|
| exerk |
| Posted: Sun Nov 25, 2012 3:45 am Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Ayhamov wrote: |
| bruce2359 wrote: |
| Ayhamov wrote: |
I'm trying to Ping from the sender channel to receiver channel and getting this error AMQ4058 Connection closed.
|
Do you mean the MQSC PING? Was the MQSC PING successful BEFORE you added SSL to the channels?
Can you successfully do a tcp/ip ping? |
Yes, before adding the SSL on the channel, the MQSC works. But after adding it, I get connection closed error.
Thanks |
Then you need to check every setting, e.g. SSLPEER, SSLCIPH, and ensure the settings at each end are as they should be. There are SupportPacs which will help.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Ayhamov |
| Posted: Mon Nov 26, 2012 1:09 am Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Novice
Joined: 17 Apr 2008
Posts: 13
|
| exerk wrote: |
| Ayhamov wrote: |
| bruce2359 wrote: |
| Ayhamov wrote: |
I'm trying to Ping from the sender channel to receiver channel and getting this error AMQ4058 Connection closed.
|
Do you mean the MQSC PING? Was the MQSC PING successful BEFORE you added SSL to the channels?
Can you successfully do a tcp/ip ping? |
Yes, before adding the SSL on the channel, the MQSC works. But after adding it, I get connection closed error.
Thanks |
Then you need to check every setting, e.g. SSLPEER, SSLCIPH, and ensure the settings at each end are as they should be. There are SupportPacs which will help. |
Before that, do I have to create a kdb and sth files with same password at both servers (on Windows, and AIX)? Or Shall I create it on the Unix and FTP it to the Windows?
If there're some commands to help please share.
Thanks |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Nov 26, 2012 1:14 am Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Ayhamov wrote: |
| Before that, do I have to create a kdb and sth files with same password at both servers (on Windows, and AIX)? |
I'm not sure how to interpret that question - do you already have key stores in place for both queue managers?
| Ayhamov wrote: |
| Or Shall I create it on the Unix and FTP it to the Windows? |
That is a question for your security department, i.e. whether they will allow centralised key store management, or insist on in-place key store management.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Nov 26, 2012 5:54 am Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Ayhamov wrote: |
| ...do I have to create a kdb and sth files... |
Yes, you must have keystores available to each qmgr.
| Ayhamov wrote: |
| ...with same password at both servers (on Windows, and AIX)? |
No.
| Ayhamov wrote: |
| Or Shall I create it on the Unix and FTP it to the Windows? |
What do you mean by 'it'? The keystore? Certificates?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Nov 26, 2012 6:26 am Post subject: Re: Configure Queue Manager with SSL (Unix and Windows) |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Ayhamov wrote: |
I have generated the keys on the IBM Key Management on the Windows Server, and placed the 4 files (key.sth, key.crl, key.kdb, and key.rdb) inside the ssl folder in both Unix and Windows sides. |
It would help if you used precise technical terminology. For example: how did you place the 4 files...? Exactly what utilities? What commands did you use?
Are you following instructions in some official IBM documentation?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Nov 26, 2012 6:33 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Moved to Security forum.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
