| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL Certificates and Cipher spec's |
« View previous topic :: View next topic » |
| Author |
Message
|
| DeonM |
 Posted: Wed Jun 21, 2017 10:31 pm Post subject: SSL Certificates and Cipher spec's |
 |
|
Newbie
Joined: 23 May 2008
Posts: 6
|
Hi,
I've tested with self signed certificates between AIX and Zos queue managers successfully with Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA
Zos: V8
AIX V9
question 1. Channels not working with all Cipher Specs supported on AIX and Zos. Is this due to the self signed certificates.
Question2. Will request now CA signed certificates. (Any specific type of Certificate, key usage)
Thx
Deon. |
|
| Back to top |
|
 |
| hughson |
| Posted: Thu Jun 22, 2017 12:47 am Post subject: Re: SSL Certificates and Cipher spec's |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| DeonM wrote: |
| question 1. Channels not working with all Cipher Specs supported on AIX and Zos. Is this due to the self signed certificates. |
If you are asking why the same certificate you got working with TLS_RSA_WITH_3DES_EDE_CBC_SHA doesn't work with some other cipherspecs, it's not due to the self-signed nature of your certificate, but it is due to other aspects of your certificates. Read more in Knowledge Center:
Digital certificates and CipherSpec compatibility in IBM MQ
In short, not all certificates can work with all cipherspecs.
| DeonM wrote: |
| Question2. Will request now CA signed certificates. (Any specific type of Certificate, key usage) |
I suspect others will also jump in with recommendations, but as per the above link, you need to know what cipherspecs you intend to use before you decide what type of certificate to get.
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jun 22, 2017 5:41 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Depending on your CA you may also have to check purpose / suitability fields for the cert.
Make sure to check all the relevant ones like (but not exhaustive)
- server auth
- client auth
- Digital Signature
- non Repudiation
- key encipherment
- data encipherment
- key agreement
Hope it helps 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| DeonM |
| Posted: Wed Jul 12, 2017 12:26 am Post subject: Cipher specs. |
|
|
Newbie
Joined: 23 May 2008
Posts: 6
|
Hi,
Thx for the link, will have a look.
Thx
Deon. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
