| Author |
Message
|
| Ross |
 Posted: Wed Nov 06, 2013 7:58 am Post subject: MQExplorer & SSL - Password issues. |
 |
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
Hi.
We are securing our test MQ infrastructure, to a point.
It is test, so not a major concern, but we want to prevent users accessing open SVRCONN channels, while maintaining an admin option through MQ Explorer.
So we are locking down SYSTEM channels. - MCA nouser, maxmsgl(1).
Viewer MCA Users on view channel, etc.
We are creating an admin channel, with "nouser" MCA, converted by BlockIP to admin user, when SSL Cert Common Name matches an expected value.
Then we use SSL on this channel, cms kdb on the qmgr side.
We've set up a jks for the MQ Explorer side.
Unfortunately I have had to enter the jks and password on the individual qmgr connection, rather than for the entire product.
While I can manipulate the xml to roll this out a bit quicker, I'm still left with one annoying issue.
MQ Explorer requires the jks password to be entered each time I connect to the qmgr. This is not a good solution really, and I'd love to avoid it.
There doesn't seem to be an option to create/modify a jks to "no password".
I can't (yet) find a way to get this password in and kept in MQ Explorer.
Has anyone done anything similar? Or can anyone solve my issues??
Thanks,
Ross. |
|
| Back to top |
|
 |
| zpat |
| Posted: Wed Nov 06, 2013 8:19 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
What version of MQ explorer? I don't have to re-enter it using 7.5.0.2
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| Ross |
| Posted: Wed Nov 06, 2013 9:20 am Post subject: |
|
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
Thanks for that.
I'm using V7.0 of Explorer.
MQ Version is V7.0.1
Interesting that you don't need to enter it in V7.5
I'll recheck this version!! |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Nov 07, 2013 8:02 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Go to Menu- Windows-Preferences Then open up MQ Explorer - client connection-SSL Key repositories... you can set there default repositories with their passwords...
Note that this does not apply to WMB connections... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Ross |
| Posted: Thu Nov 07, 2013 8:08 am Post subject: |
|
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
Thanks fjb_saper.
I had expected this to work. Was the first place I set it.
Didn't work with MQ Explorer V7.0.
The only way round it so far has been to install MQ Explorer V7.5.
Thanks. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Nov 07, 2013 8:16 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| Ross wrote: |
Thanks fjb_saper.
I had expected this to work. Was the first place I set it.
Didn't work with MQ Explorer V7.0.
The only way round it so far has been to install MQ Explorer V7.5.
Thanks. |
Don't remember having had the problem you describe @ V7.0
However as mentioned this only applies to the WMQ connection. Any WMB connection still requires you to enter the password...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Ross |
| Posted: Thu Nov 07, 2013 9:05 am Post subject: |
|
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
Thank you guys for your help.
I needed to go to:
Window, Preferences, Websphere MQ Explorer, Passwords
Select "Save Passwords to File".
The difference was that V7.5 prompted this information, so it was more apparent!
Which was why I got it to work easier in V7.5!
Set in V7.0 and working fine now.
Happy days...
Thanks.
Ross. |
|
| Back to top |
|
|
|
|
