ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ SupportSSL Certificates and Cipher spec's

Post new topicReply to topic
SSL Certificates and Cipher spec's View previous topic :: View next topic
Author Message
DeonM
PostPosted: Wed Jun 21, 2017 10:31 pm Post subject: SSL Certificates and Cipher spec's Reply with quote

Newbie

Joined: 23 May 2008
Posts: 6

Hi,

I've tested with self signed certificates between AIX and Zos queue managers successfully with Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA

Zos: V8
AIX V9

question 1. Channels not working with all Cipher Specs supported on AIX and Zos. Is this due to the self signed certificates.

Question2. Will request now CA signed certificates. (Any specific type of Certificate, key usage)

Thx
Deon.
Back to top
View user's profile Send private message
hughson
PostPosted: Thu Jun 22, 2017 12:47 am Post subject: Re: SSL Certificates and Cipher spec's Reply with quote

Shaman

Joined: 09 May 2013
Posts: 725
Location: Bay of Plenty, New Zealand

DeonM wrote:
question 1. Channels not working with all Cipher Specs supported on AIX and Zos. Is this due to the self signed certificates.

If you are asking why the same certificate you got working with TLS_RSA_WITH_3DES_EDE_CBC_SHA doesn't work with some other cipherspecs, it's not due to the self-signed nature of your certificate, but it is due to other aspects of your certificates. Read more in Knowledge Center:

Digital certificates and CipherSpec compatibility in IBM MQ

In short, not all certificates can work with all cipherspecs.

DeonM wrote:
Question2. Will request now CA signed certificates. (Any specific type of Certificate, key usage)

I suspect others will also jump in with recommendations, but as per the above link, you need to know what cipherspecs you intend to use before you decide what type of certificate to get.

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
fjb_saper
PostPosted: Thu Jun 22, 2017 5:41 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19246
Location: LI,NY

Depending on your CA you may also have to check purpose / suitability fields for the cert.
Make sure to check all the relevant ones like (but not exhaustive)
  • server auth
  • client auth
  • Digital Signature
  • non Repudiation
  • key encipherment
  • data encipherment
  • key agreement


Hope it helps
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
DeonM
PostPosted: Wed Jul 12, 2017 12:26 am Post subject: Cipher specs. Reply with quote

Newbie

Joined: 23 May 2008
Posts: 6

Hi,

Thx for the link, will have a look.

Thx
Deon.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ SupportSSL Certificates and Cipher spec's
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.