| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Java iSeries SSL |
« View previous topic :: View next topic » |
| Author |
Message
|
| johsei |
 Posted: Tue Dec 07, 2004 5:17 am Post subject: Java iSeries SSL |
 |
|
Newbie
Joined: 07 Dec 2004
Posts: 3
|
Hello,
I have a really annoying error when dealing with MQ 5.3 with SSL and the certificate stores
The MQ Server is installed on a Windows Server with correct certificates installed.
When using my Java Application to connect it works perfectly when using pure JSSE and SUN's JDK 1.4.2_04
from a windows machine.
This code is also complient to run on iSeries and of course I need the SSL support to work there as well.
I run IBMnativeSSL and thus have installed the CA certificates in the Digital Certificate Manager. Doing this will make Server Authentification to work, however when I turn on the client authentification the server gives me the error: Channel is lacking a certificate.
In my application I can provide a Keystore to supply my certificate.
When using pure jsse I point this to a Keystore created by the keytool included in the JSDK - This works perfectly, same thing when running on an iSeries,
but in that case the connection is dropped due to the error mentioned above.
As I see it the configuration is correct and all certificates are assigned, which puzzels me.
Another way to provide the client certificates would of course be to use iSeries Keystore,
but after searching the web, there is no documentation of the keystore type of the file Default.KDB and therefore my application fails to handle the file and crasch.
Can anyone assist? |
|
| Back to top |
|
 |
| slaupster |
| Posted: Tue Dec 07, 2004 6:25 am Post subject: |
|
|
Apprentice
Joined: 17 Nov 2004
Posts: 41
|
There is a redbook that talks about as/400 internet security and there is a section on doing this is java - some kind of toolkit, the "as/400 toolbox for Java to use SSL". The redbook is here :
http://www.redbooks.ibm.com/abstracts/sg245659.html
On another note, only Sun JDK 1.4.2 and above is supported with MQ 5.3 csd08 and above, but as you may have found it works most of the time anyway, but just for support purposes... |
|
| Back to top |
|
|
| johsei |
| Posted: Tue Dec 07, 2004 8:13 am Post subject: Thank you! |
|
|
Newbie
Joined: 07 Dec 2004
Posts: 3
|
Thanks a lot for the awfully quick response, I'll have a look at the red book and let you know how it went.
cheers!
Johan |
|
| Back to top |
|
|
| johsei |
| Posted: Mon Dec 13, 2004 7:25 am Post subject: |
|
|
Newbie
Joined: 07 Dec 2004
Posts: 3
|
I read the book and unfortunally didn't find any useful settings. I have on the other hand managed to switch from IBM's native JSSE to Pure JSSE, and thus generated another error message:
javax.net.ssl.SSLHandshakeException: handshake failure
It seems like the client can handle my keystore in JKS now but, when presenting its credentials to the server something's wrong. The certificates are setup in the same mannor as when I ran it on suns JDK.
Anyone had the same problem? |
|
| Back to top |
|
|
| slaupster |
| Posted: Mon Dec 13, 2004 11:20 am Post subject: |
|
|
Apprentice
Joined: 17 Nov 2004
Posts: 41
|
sorry I can't help any more, but I think that IBM does not usually support Sun's JSSE, and maybe you should check this out before you go too far down an unsupportable route. If you open a PMR now you will have to move back to the supported evenvironment before they can give you any help.
hope you get this sorted... |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
