| Author |
Message
|
| chetandada |
 Posted: Wed Sep 12, 2018 2:45 am Post subject: SSL Configuration using C Programming language |
 |
|
Newbie
Joined: 12 Sep 2018
Posts: 7
|
hello all ,
I have code to connect remote MQ which is connected successfully to remote MQ. now i need to configure SSL.
Is there any code available for SSL in C and steps to configure SSL??
Thanks in advance [/b] |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Sep 12, 2018 3:26 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
From your question the assumption is that you are invoking MQ Client as the connection method, in which case look in the Knowledge Centre for articles related to MQCONNX...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Sep 12, 2018 2:46 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
Suggest you do not programmatically do this, but instead configure a CCDT and have your application use that. This is much more flexible and keeps your application simple. It also leaves administration in the hands of the MQ Administrator and the business application logic with the programmer. A good separation of duties.
Read the following for information on configuring SSL with a CCDT.
Using CA-signed certificates for mutual authentication of a client and queue manager
Cheers,
Morag
<plug>I also provide an online training module that will teach you how to setup SSL for clients if you're interested - see link in sig</plug>
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Thu Sep 13, 2018 10:54 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
<Rant>OK, I hate when people say "SSL" when what they mean is "X.509" certificates used with ciphers. The "setup" is building out Public Key Infrastructure (PKI). So everywhere any product says "SSL" it should say "PKI".</Rant>
SSL is a group of ciphers (all deprecated)
TLS is a group of ciphers (some deprecated)
It won't belong until our computer overlords take over all these functions an relegate us to making art.
In the mean time, use the mqclient.ini file to point to the CCDT and keystore. Weirdly enough, you must use the environment variables MQCHLLIB and MQCHLTAB when building the CCDT using "runmqsc -n" as that command will not read the mqclient.ini file.
I would accept the excuse that the -c option was not given and that is why it didn't get read, but you cannot combine -n and -c (which would be nice imho).
Whatever. |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Sep 13, 2018 12:50 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| JosephGramig wrote: |
| ...Weirdly enough, you must use the environment variables MQCHLLIB and MQCHLTAB when building the CCDT using "runmqsc -n" as that command will not read the mqclient.ini file... |
Why? If those variables aren't set it creates one in /var/mqm (%installroot%, or Windows equivalent).
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Thu Sep 13, 2018 1:10 pm Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
| exerk wrote: |
| JosephGramig wrote: |
| ...Weirdly enough, you must use the environment variables MQCHLLIB and MQCHLTAB when building the CCDT using "runmqsc -n" as that command will not read the mqclient.ini file... |
Why? If those variables aren't set it creates one in /var/mqm (%installroot%, or Windows equivalent). |
So you enjoy those defaults... I find them less than descriptive.
The point I was making, is 'runmqsc -n' will not read the mqclient.ini but 'runmqsc -c' will read it. I would like it to always read the mqclient.ini so I don't need to set environment variables. It will still use the defaults if you don't have the name/value pairs in the stanza.
You can see the defaults here which differs from what you said.  |
|
| Back to top |
|
|
| hughson |
| Posted: Thu Sep 13, 2018 10:05 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| JosephGramig wrote: |
| <Rant>OK, I hate when people say "SSL" when what they mean is "X.509" certificates used with ciphers. The "setup" is building out Public Key Infrastructure (PKI). So everywhere any product says "SSL" it should say "PKI".</Rant> |
I'm sure the OP is happy to have his question corrected in this way. It may be that he's been told to "get SSL on the channels" and doesn't know enough of the intricacies of the terminology to ask it any other way. We all knew what he meant to be fair to him.
| JosephGramig wrote: |
SSL is a group of ciphers (all deprecated)
TLS is a group of ciphers (some deprecated) |
Hmmm, I thought they were cryptographic protocols?
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| tczielke |
| Posted: Fri Sep 14, 2018 3:48 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
| hughson wrote: |
| JosephGramig wrote: |
| <Rant>OK, I hate when people say "SSL" when what they mean is "X.509" certificates used with ciphers. The "setup" is building out Public Key Infrastructure (PKI). So everywhere any product says "SSL" it should say "PKI".</Rant> |
I'm sure the OP is happy to have his question corrected in this way. It may be that he's been told to "get SSL on the channels" and doesn't know enough of the intricacies of the terminology to ask it any other way. We all knew what he meant to be fair to him.
| JosephGramig wrote: |
SSL is a group of ciphers (all deprecated)
TLS is a group of ciphers (some deprecated) |
Hmmm, I thought they were cryptographic protocols?
Cheers,
Morag |
Correct, SSL/TLS are protocols -> https://tools.ietf.org/html/rfc5246
Specifically, TLS is a protocol for providing communications security over the internet. The protocol specification does talk about things like certicates, ciphers, etc. so TLS is much broader than just ciphers.
_________________
Working with MQ since 2010. |
|
| Back to top |
|
|
| chetandada |
| Posted: Tue Oct 09, 2018 3:58 am Post subject: |
|
|
Newbie
Joined: 12 Sep 2018
Posts: 7
|
[quote="hughson"][quote="JosephGramig"]<Rant>I am getting 2553 MQ erorr can you justify what is the exact root cause.
thanks in advance |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Oct 09, 2018 5:04 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| chetandada wrote: |
| I am getting 2553 MQ erorr can you justify what is the exact root cause. |
It's as shown here.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| chetandada |
| Posted: Tue Oct 09, 2018 5:07 am Post subject: |
|
|
Newbie
Joined: 12 Sep 2018
Posts: 7
|
| Vitor wrote: |
| chetandada wrote: |
| I am getting 2553 MQ erorr can you justify what is the exact root cause. |
It's as shown here. |
Thanks |
|
| Back to top |
|
|
|
|
