| Author |
Message
|
| jed |
 Posted: Sun Mar 07, 2004 9:19 pm Post subject: IBM MQ v5.3 SSL question. |
 |
|
Centurion
Joined: 08 Jan 2004
Posts: 118
Location: MI, USA
|
I have a question....
I'm going to setup SSL on one machine (IBM MQ v5.3) and the other machine is v5.2.
Will SSL work between the two machines?
Or, do I need to upgrade the other machine to v5.3?
_________________
Jed |
|
| Back to top |
|
 |
| kman |
| Posted: Mon Mar 08, 2004 12:23 am Post subject: |
|
|
Partisan
Joined: 21 Jan 2003
Posts: 309
Location: Kuala Lumpur, Malaysia
|
|
| Back to top |
|
|
| jed |
| Posted: Mon Mar 08, 2004 2:02 am Post subject: IBM MQ v5.3 |
|
|
Centurion
Joined: 08 Jan 2004
Posts: 118
Location: MI, USA
|
I'm going to do more reading....
But, my boss says that prior to IBM MQ v5.3.... SSL isn't supported.
Only in IBM MQ v5.3 is SSL supported.
Can anyone here tell if that is true?
And, again..... my previous question was.... I'm going to setup SSL on one machine with IBM MQ v5.3..... This machine will send messages to another machine with IBM MQ v5.2....
Will it work???? Or, do I need to upgrade the receiving machine to IBM MQ v5.3?
I'm just new at this so please don't put any sarcasm, thanks a lot.
Just for fyi, I haven't reached this part yet..... I just finished doing programs on channel exits and event monitoring.
So, please again don't tell me to read..... Just need to know if I do need to setup IBM MQ v5.3 on the receiving machine.
Thanks again.........
_________________
Jed |
|
| Back to top |
|
|
| JasonE |
| Posted: Mon Mar 08, 2004 2:09 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
SSL support was added in 5.3 as per the above update. This means that you need BOTH ends to be 5.3 to have SSL support.
You can configure 5.3 to talk to 5.2 quite happily, you just cannot use SSL to do it. Having an assigned certificate on the 5.3 machine will not impact a non-SSL channel |
|
| Back to top |
|
|
| jed |
| Posted: Mon Mar 08, 2004 2:35 am Post subject: Thanks for the info... |
|
|
Centurion
Joined: 08 Jan 2004
Posts: 118
Location: MI, USA
|
Thanks Mr. JasonE for the info......
Yes, I was able to configure to let v5.3 to talk to v5.2 without any hitches (and its on base CSD!).
Now I can do my SSL testing, setup and programming.......
Last question, it may sound silly but need to ask.
If BOTH ends are v5.3, Can I make them "SSL talk" even though I haven't uploaded the latest CSD (I think its CSD 06)?
_________________
Jed |
|
| Back to top |
|
|
| crossland |
| Posted: Mon Mar 08, 2004 3:11 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
If you are looking to use GSK, you will need to add maintenance to make full use of it. It would be good practice to get the latest maintenance, anyway.
Regards,
Tim Crossland
http://www.solent-consultancy.com |
|
| Back to top |
|
|
| jed |
| Posted: Mon Mar 08, 2004 3:20 am Post subject: |
|
|
Centurion
Joined: 08 Jan 2004
Posts: 118
Location: MI, USA
|
I'll keep that in mind Tim.
I still don't know what GSK is, I just printed the MQ Security PDF on v5.3
I still even don't know how to upload the CSD, the only thing I got from my boss was to follow the instructions found in the IBM manuals.
_________________
Jed |
|
| Back to top |
|
|
| JasonE |
| Posted: Mon Mar 08, 2004 3:38 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
Put service on (Fixpacks / CSDs), fp5 is the minimum I would look at.
If you are not on Windows, SSL support is done using Gskit, so make sure you apply the latest version from the same site as you get the fixpacks.
5.3->5.3 SSL is definitely possible, but you need to understand what you are doing. Either read the Security manual, look at the documents repository on this site, or search the forums (or all of them!!) to get information |
|
| Back to top |
|
|
| crossland |
| Posted: Mon Mar 08, 2004 4:11 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
|
| Back to top |
|
|
| jed |
| Posted: Wed Mar 17, 2004 10:30 pm Post subject: |
|
|
Centurion
Joined: 08 Jan 2004
Posts: 118
Location: MI, USA
|
Hi Tim,
Thanks for the info, I was able to download and install CSD 06 for IBM WebSphere MQ v5.3 for Windows.
Thanks
Dino
_________________
Jed |
|
| Back to top |
|
|
| crossland |
| Posted: Thu Mar 18, 2004 2:02 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
GSK is the acronym for Global Security Kit. It is used for SSL on UNIX and includes the iKeyman key management utility which can be used to create key databases, public-private key pairs and certificate requests.
Regards,
Tim Crossland
http://www.solent-consultancy.com |
|
| Back to top |
|
|
|
|
