MQ SSL
MQTrigger
Posted: Wed Feb 11, 2004 6:38 pm    Post subject: MQ SSL

Apprentice

Joined: 01 Dec 2002
Posts: 39

I have a question regarding the SSL for MQ. First, here's my scenario:

In a Windows environment I use OpenSSL and create a self-signed certificate and private key. I then create a server private key and a server certificate request. I sign this request with the CA key and then export this signed personal certificate into PKCS12 format to be used in the queue manager or client store. In this example I used the same CA key to sign both private keys.

In a Unix environment I use ikeyman and create a key store and self-signed certificate on both the receiver end and sender end within their respective key stores. Then I export their CA certificates (arm files) into the opposite keystores (for 2 way authentication).

Both scenarios work, but the question is: does the Windows environment require that the personal certificate be signed by the same CA key on both ends? Assuming I want a 2 way authentication.

Doesn't seem that the Unix environment uses the same CA signature because I created both separately.

Thanks
JasonE
Posted: Thu Feb 12, 2004 2:17 am

Grand Master

Joined: 03 Nov 2003
Posts: 1220
Location: Hursley

No, both sides can have different CAs.

So if you have
privatekey1 signed by rootca1
privatekey2 signed by rootca2
(where rootca1 can be the same as rootca2)

Then the setup is

Code:
QM1                        QM2
Privatekey1                PrivateKey2
rootca2                    rootca1
MQTrigger
Posted: Thu Feb 12, 2004 6:41 am    Post subject: Can be the same?

Apprentice

Joined: 01 Dec 2002
Posts: 39

Hi Jason,

Thanks for the reply. I think you answered my question. Correct me if I'm wrong, but you are saying that the CAs are different for both sides but CAN be signed by the same CA and still function correctly?

Sorry if my questions sound silly, I'm just trying to understand it a little deeper.
JasonE
Posted: Thu Feb 12, 2004 6:59 am

Grand Master

Joined: 03 Nov 2003
Posts: 1220
Location: Hursley

My terminology is probably wrong, but the CA (certification authority) is the signer. E.g. you could have

QM1
Assigned personal certificate signed by Globalsign
Verisign Intermediate CA
Verisign root CA

QM2
Assigned personal certificate signed by Verisign
Globalsign Intermediate CA
Globalsign root CA
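The store layout from JasonE's first reply, checked with the OpenSSL command line as an added example (not part of the original thread). The CA and queue manager names are constructed for the demo, and importing the resulting files into the MQ key repositories is not shown.

```shell
#!/bin/sh
# Added example; every file name and CN below is constructed for the demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA: $1.key (private key) and $1.pem (CA certificate).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Create a key and request for queue manager $1, then sign it with CA $2.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -days 30 \
    -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -CAcreateserial \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds if a store holding only CA $1 can validate the certificate of $2.
trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# Two unrelated CAs, one personal certificate per queue manager.
make_ca rootca1 && make_ca rootca2
issue_cert qm1 rootca1 && issue_cert qm2 rootca2

# QM1's store holds rootca2 and QM2's store holds rootca1, as in the table.
trusts rootca2 qm2 && echo "QM1 (holding rootca2) accepts QM2's certificate"
trusts rootca1 qm1 && echo "QM2 (holding rootca1) accepts QM1's certificate"

# Holding only your own signer is not enough: rootca1 never signed qm2.
trusts rootca1 qm2 || echo "rootca1 alone cannot validate QM2's certificate"
```

Each side needs the signer of the partner's certificate, not the signer of its own; when both certificates come from the same CA, that one CA certificate goes into both stores.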