Building a Certificate Expiry Report for MQ
tczielke
Posted: Tue Jan 26, 2021 6:26 am Post subject: Building a Certificate Expiry Report for MQ
Guardian
Joined: 08 Jul 2010 Posts: 941 Location: Illinois, USA
hughson
Posted: Wed Jan 27, 2021 2:32 am Post subject:
Padawan
Joined: 09 May 2013 Posts: 1959 Location: Bay of Plenty, New Zealand
Is this a new blog post? Just odd that it is not at the top of the list.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
tczielke
Posted: Wed Jan 27, 2021 5:32 am Post subject:
Guardian
Joined: 08 Jul 2010 Posts: 941 Location: Illinois, USA
No, this is an existing blog post where I added more content for examples/tools on how to build a certificate expiry report through channel authentication rules that validate the serialnumber and issuer of a certificate.
I find it interesting how this certificate expiry report naturally falls out of channel authentication rules that check both the serialnumber and issuer of a certificate. There are numerous RFEs asking for this functionality to help with warning/tracking certificate expiration, and this functionality has been in the product since channel authentication rules have been able to do this validation. Sometimes you are looking for something, and it has been there all along (or at least for a while).
_________________
Working with MQ since 2010.
gbaddeley
Posted: Wed Jan 27, 2021 3:44 pm Post subject:
Jedi Knight
Joined: 25 Mar 2003 Posts: 2538 Location: Melbourne, Australia
We rely on our CA / signer informing us of impending cert expiry. However, it's worth having more than one source of information. There is nothing worse than a prod cert actually expiring and bringing MQ messaging to a grinding halt, especially if external business partners are involved.
_________________
Glenn
tczielke
Posted: Wed Jan 27, 2021 4:46 pm Post subject:
Guardian
Joined: 08 Jul 2010 Posts: 941 Location: Illinois, USA
We have a CA that sends out reminders, too. However, the reminders would just be for the queue manager certs that we own. What is nice about implementing channel authentication sslpeer rules that validate both the serialnumber and issuer is you now control what certificates you allow to operate in your MQ environment on both the client and queue manager side. So your channel authentication sslpeer rules become a source of truth for all the certificates that are allowed to operate in your MQ environment (e.g. queue manager, client, business partners, etc.).
_________________
Working with MQ since 2010.
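
An added example, not part of the thread or of the blog post it refers to: a sketch of how sslpeer rules that pin both serial number and issuer can act as the allow-list behind an expiry report. The one-rule-per-line listing, the inventory of expiry dates, and every channel name, serial number and DN are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample in the style of DISPLAY CHLAUTH output, flattened to one rule per line.
CHLAUTH_OUTPUT = """\
CHLAUTH(APP1.SVRCONN) TYPE(SSLPEERMAP) SSLPEER(SERIALNUMBER=0A:1B:2C,CN=app1.example.test) SSLCERTI(CN=Example Issuing CA,O=Example) USERSRC(CHANNEL)
CHLAUTH(PARTNER.RCVR) TYPE(SSLPEERMAP) SSLPEER(SERIALNUMBER=7F:00:11,CN=partner.example.test) SSLCERTI(CN=Partner CA,O=Partner) USERSRC(CHANNEL)
CHLAUTH(OLD.SVRCONN) TYPE(SSLPEERMAP) SSLPEER(SERIALNUMBER=DE:AD:01,CN=old.example.test) SSLCERTI(CN=Example Issuing CA,O=Example) USERSRC(CHANNEL)
"""

# Hypothetical inventory: (serial, issuer DN) -> notAfter date. Values are constructed.
INVENTORY = {
    ("0A:1B:2C", "CN=Example Issuing CA,O=Example"): date(2021, 2, 10),
    ("DE:AD:01", "CN=Example Issuing CA,O=Example"): date(2021, 1, 1),
}

RULE_RE = re.compile(
    r"CHLAUTH\((?P<channel>[^)]+)\)\s+TYPE\(SSLPEERMAP\).*?"
    r"SSLPEER\((?P<peer>[^)]*)\).*?SSLCERTI\((?P<issuer>[^)]*)\)"
)
SERIAL_RE = re.compile(r"SERIALNUMBER=([0-9A-Fa-f:]+)")

def parse_rules(text):
    """Return (channel, serial, issuer) for rules that pin both serial and issuer."""
    rules = []
    for m in RULE_RE.finditer(text):
        serial = SERIAL_RE.search(m.group("peer"))
        if serial and m.group("issuer").strip():
            rules.append((m.group("channel"), serial.group(1).upper(), m.group("issuer").strip()))
    return rules

def expiry_report(rules, inventory, today, warn_days=30):
    """Classify every allowed certificate; rules with no inventory entry are UNKNOWN."""
    report = []
    for channel, serial, issuer in rules:
        not_after = inventory.get((serial, issuer))
        if not_after is None:
            report.append((channel, serial, "UNKNOWN", None))
            continue
        days = (not_after - today).days
        status = "EXPIRED" if days < 0 else "EXPIRING" if days <= warn_days else "OK"
        report.append((channel, serial, status, days))
    # Most urgent first; UNKNOWN entries (no expiry date on file) sort last.
    return sorted(report, key=lambda r: (r[3] is None, r[3] if r[3] is not None else 0))

if __name__ == "__main__":
    for row in expiry_report(parse_rules(CHLAUTH_OUTPUT), INVENTORY, date(2021, 1, 27)):
        print(row)
```

An UNKNOWN row means a certificate is allowed by a rule but has no expiry date on file, which is the gap to close first; an EXPIRED row points at a rule that can be retired.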