ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » SSL Configuration using C Programming language

Post new topic  Reply to topic
 SSL Configuration using C Programming language « View previous topic :: View next topic » 
Author Message
chetandada
PostPosted: Wed Sep 12, 2018 2:45 am    Post subject: SSL Configuration using C Programming language Reply with quote

Newbie

Joined: 12 Sep 2018
Posts: 7

hello all ,

I have code to connect remote MQ which is connected successfully to remote MQ. now i need to configure SSL.

Is there any code available for SSL in C and steps to configure SSL??

Thanks in advance [/b]
Back to top
View user's profile Send private message
exerk
PostPosted: Wed Sep 12, 2018 3:26 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

From your question the assumption is that you are invoking MQ Client as the connection method, in which case look in the Knowledge Centre for articles related to MQCONNX...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
hughson
PostPosted: Wed Sep 12, 2018 2:46 pm    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

Suggest you do not programmatically do this, but instead configure a CCDT and have your application use that. This is much more flexible and keeps your application simple. It also leaves administration in the hands of the MQ Administrator and the business application logic with the programmer. A good separation of duties.

Read the following for information on configuring SSL with a CCDT.

Using CA-signed certificates for mutual authentication of a client and queue manager

Cheers,
Morag

<plug>I also provide an online training module that will teach you how to setup SSL for clients if you're interested - see link in sig</plug>
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
JosephGramig
PostPosted: Thu Sep 13, 2018 10:54 am    Post subject: Reply with quote

Grand Master

Joined: 09 Feb 2006
Posts: 1230
Location: Gold Coast of Florida, USA

<Rant>OK, I hate when people say "SSL" when what they mean is "X.509" certificates used with ciphers. The "setup" is building out Public Key Infrastructure (PKI). So everywhere any product says "SSL" it should say "PKI".</Rant>

SSL is a group of ciphers (all deprecated)
TLS is a group of ciphers (some deprecated)

It won't belong until our computer overlords take over all these functions an relegate us to making art.

In the mean time, use the mqclient.ini file to point to the CCDT and keystore. Weirdly enough, you must use the environment variables MQCHLLIB and MQCHLTAB when building the CCDT using "runmqsc -n" as that command will not read the mqclient.ini file.

I would accept the excuse that the -c option was not given and that is why it didn't get read, but you cannot combine -n and -c (which would be nice imho).

Whatever.
Back to top
View user's profile Send private message AIM Address
exerk
PostPosted: Thu Sep 13, 2018 12:50 pm    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

JosephGramig wrote:
...Weirdly enough, you must use the environment variables MQCHLLIB and MQCHLTAB when building the CCDT using "runmqsc -n" as that command will not read the mqclient.ini file...

Why? If those variables aren't set it creates one in /var/mqm (%installroot%, or Windows equivalent).
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
JosephGramig
PostPosted: Thu Sep 13, 2018 1:10 pm    Post subject: Reply with quote

Grand Master

Joined: 09 Feb 2006
Posts: 1230
Location: Gold Coast of Florida, USA

exerk wrote:
JosephGramig wrote:
...Weirdly enough, you must use the environment variables MQCHLLIB and MQCHLTAB when building the CCDT using "runmqsc -n" as that command will not read the mqclient.ini file...

Why? If those variables aren't set it creates one in /var/mqm (%installroot%, or Windows equivalent).


So you enjoy those defaults... I find them less than descriptive.

The point I was making, is 'runmqsc -n' will not read the mqclient.ini but 'runmqsc -c' will read it. I would like it to always read the mqclient.ini so I don't need to set environment variables. It will still use the defaults if you don't have the name/value pairs in the stanza.

You can see the defaults here which differs from what you said.
Back to top
View user's profile Send private message AIM Address
hughson
PostPosted: Thu Sep 13, 2018 10:05 pm    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

JosephGramig wrote:
<Rant>OK, I hate when people say "SSL" when what they mean is "X.509" certificates used with ciphers. The "setup" is building out Public Key Infrastructure (PKI). So everywhere any product says "SSL" it should say "PKI".</Rant>
I'm sure the OP is happy to have his question corrected in this way. It may be that he's been told to "get SSL on the channels" and doesn't know enough of the intricacies of the terminology to ask it any other way. We all knew what he meant to be fair to him.

JosephGramig wrote:
SSL is a group of ciphers (all deprecated)
TLS is a group of ciphers (some deprecated)
Hmmm, I thought they were cryptographic protocols?

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
tczielke
PostPosted: Fri Sep 14, 2018 3:48 am    Post subject: Reply with quote

Guardian

Joined: 08 Jul 2010
Posts: 939
Location: Illinois, USA

hughson wrote:
JosephGramig wrote:
<Rant>OK, I hate when people say "SSL" when what they mean is "X.509" certificates used with ciphers. The "setup" is building out Public Key Infrastructure (PKI). So everywhere any product says "SSL" it should say "PKI".</Rant>
I'm sure the OP is happy to have his question corrected in this way. It may be that he's been told to "get SSL on the channels" and doesn't know enough of the intricacies of the terminology to ask it any other way. We all knew what he meant to be fair to him.

JosephGramig wrote:
SSL is a group of ciphers (all deprecated)
TLS is a group of ciphers (some deprecated)
Hmmm, I thought they were cryptographic protocols?

Cheers,
Morag


Correct, SSL/TLS are protocols -> https://tools.ietf.org/html/rfc5246

Specifically, TLS is a protocol for providing communications security over the internet. The protocol specification does talk about things like certicates, ciphers, etc. so TLS is much broader than just ciphers.
_________________
Working with MQ since 2010.
Back to top
View user's profile Send private message
chetandada
PostPosted: Tue Oct 09, 2018 3:58 am    Post subject: Reply with quote

Newbie

Joined: 12 Sep 2018
Posts: 7

[quote="hughson"][quote="JosephGramig"]<Rant>I am getting 2553 MQ erorr can you justify what is the exact root cause.

thanks in advance
Back to top
View user's profile Send private message
Vitor
PostPosted: Tue Oct 09, 2018 5:04 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

chetandada wrote:
I am getting 2553 MQ erorr can you justify what is the exact root cause.


It's as shown here.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
chetandada
PostPosted: Tue Oct 09, 2018 5:07 am    Post subject: Reply with quote

Newbie

Joined: 12 Sep 2018
Posts: 7

Vitor wrote:
chetandada wrote:
I am getting 2553 MQ erorr can you justify what is the exact root cause.


It's as shown here.


Thanks
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » SSL Configuration using C Programming language
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.