ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » CONSUME CACERT VIA IIBV10

Post new topic  Reply to topic
 CONSUME CACERT VIA IIBV10 « View previous topic :: View next topic » 
Author Message
HSarwan
PostPosted: Wed Feb 24, 2021 2:26 am    Post subject: CONSUME CACERT VIA IIBV10 Reply with quote

Novice

Joined: 14 Feb 2021
Posts: 11

Hello,

Our data-center gave us server certificate with private key to secure outbound request. i performed below commands and it works fine. i am able to expose my services using cacert certificate.

Code:

keytool -importkeystore -srckeystore /data/esbuser/AllCert/server.p12 -destkeystore /data/esbuser/AllCert/store.jks -srcstoretype pkcs12 -alias shared
   mqsichangeproperties BAHL_BROK2 -e default -o ComIbmJVMManager -n keystoreFile -v  /data/esbuser/AllCert/store.jks
   mqsichangeproperties BAHL_BROK2 -e default -o ComIbmJVMManager -n keystoreType -v JKS
   mqsichangeproperties BAHL_BROK2 -e default -o ComIbmJVMManager -n keystorePass -v defaultKeystore::password
   mqsisetdbparms BAHL_BROK2 -n defaultKeystore::password -u ignore -p admin123/?
   keytool -import -trustcacerts -alias abc -file /data/esbuser/AllCert/bcrsdevobdxesb.cer -keystore /data/esbuser/AllCert/TStore.jks
   keytool -list -keystore /data/esbuser/AllCert/TStore.jks -storepass admin123/?
   mqsichangeproperties BAHL_BROK2 -e default -o ComIbmJVMManager -n truststoreFile -v /data/esbuser/AllCert/TStore.jks
   mqsichangeproperties BAHL_BROK2 -e default -o ComIbmJVMManager -n truststorePass -v defaultTruststore::password
   mqsichangeproperties BAHL_BROK2 -e default -o ComIbmJVMManager -n truststoreType -v JKS
   mqsisetdbparms BAHL_BROK2 -n defaultTruststore::password -u ignore -p admin123/?
   keytool -list -keystore /data/esbuser/AllCert/store.jks -storepass admin123/?
   mqsichangeproperties BAHL_BROK2 -e default -o HTTPSConnector -n sslProtocol -v TLSv1.2
   mqsichangeproperties BAHL_BROK2  -e default -o HTTPSConnector  -n explicitlySetPortNumber -v 7844
   mqsireportproperties BAHL_BROK2  -e default -o HTTPSConnector  -r



now some third party application gave us their cacert, how we can configure it so that we can consume it ? Please help.
Back to top
View user's profile Send private message
abhi_thri
PostPosted: Wed Feb 24, 2021 3:36 am    Post subject: Reply with quote

Knight

Joined: 17 Jul 2017
Posts: 516
Location: UK

hi...so you just want to add a CA cert to Node's truststore? the steps are listed in the below infocenter link which uses gsk7cmd but you can do the same with keytool as well.

https://www.ibm.com/support/knowledgecenter/SSMKHH_10.0.0/com.ibm.etools.mft.doc/ap34020_.html#ap34020_50
Back to top
View user's profile Send private message
HSarwan
PostPosted: Sun Feb 28, 2021 5:58 am    Post subject: Reply with quote

Novice

Joined: 14 Feb 2021
Posts: 11

Thanx for reply,
both iib consumer and provider end has same root and intermediate CA, so i performed below command and it works at iib consumer end.

Code:

keytool -import -trustcacerts -file certificate.cer -keystore Truststore.jks -alias "Alias"


what if iib at consumer end has different root, intermediate than that of iib at provider(server) end, then will above command work ?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » CONSUME CACERT VIA IIBV10
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.