Posted: Fri Nov 26, 2004 12:46 am Post subject: MQSSL Connection Problem-Solaris(Client) to Windows(Server)
Newbie
Joined: 26 Nov 2004 Posts: 1
Hi,
I am facing a problem while establishing an SSL connection between MQ Client and Server.
Current Scenario
A standalone client application is running on Sun Solaris. The MQ client is on Sun Solaris and the MQ server is on Windows XP. We don’t have any application server.
There is no clustering.
Requirement
Client (on Sun Solaris) needs to connect to the MQ Queue Manager (on Windows XP) using SSL.
What we have done
[1] Created a personal certificate (downloaded demo certificate from GlobalSign) and added it to Internet Explorer on the server machine (where the MQ Server is installed)
[2] Created a keystore for our application and stored it in the mqclientkeystore file.
[3] Exported the public key for the personal certificate stored in mqclientkeystore to a file called mqclient.key
[4] FTPed the mqclient.key file into the MQ Server machine
[5] To configure the QManager as the SSL server we have assigned it a personal certificate (generated previously in step 1).
[6] We have added the public certificate for the client (mqclient.key) to the QManager. This is required to authenticate the client.
[7] We configured Client and Server connection Channel and specified the Cipher specification (TRIPLE_DES_SHA_US, I also tried with RC4_MD5_US).
[8] We have exported the certificates from IE in the “DER encoded binary X.509 .CER” format
[9] Now we have used keytool to import the CA certificates into the mqserverkeystore.
Here, instead of creating a separate keystore (mqserverkeystore), we tried to use the default keystore for CA certificates (cacerts).
[10] We then tried to execute the MQ application to use SSL.
We used the following command to execute the application:
java -Djavax.net.ssl.keyStore=/var/mqm/ssl/SSL_QMGR_GLOBALSIGN/mqserverkeystore -Djavax.net.sslkeyStorePassword=changeit -Djavax.net.ssl.trustStore=/var/mqm/ssl/SSL_QMGR_GLOBALSIGN/mqclientkeystore -Djavax.net.ssl.trustStorePassword=changeit com/jpmc/glossistar/utils/mq/MQUtility2
Problem
When I execute the application I am getting the following error:
default context init failed: java.security.UnrecoverableKeyException: Cannot recover key
It seems to be something wrong with the client keystore. It is not able to read the keystore.
If I uncheck the “Always authenticate parties initiating connections to this channel definition” check box in Server connection Channel -> Properties -> SSL tab, then it connects and reads from the Queue with some error. However, it is at least able to connect to the Q Manager.
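
Added example, not part of the original post and not the poster's or IBM's code: a Java preflight for the "Cannot recover key" error above. The Sun/Oracle JSSE default context uses the `javax.net.ssl.keyStorePassword` value both to open the keystore and to recover each key in it, and the command above spells that option `javax.net.sslkeyStorePassword`. The class name, aliases, placeholder path and the in-memory JCEKS store with AES keys are constructed stand-ins for a real JKS file holding private keys.

```java
import java.security.*;
import java.util.*;
import javax.crypto.KeyGenerator;

public class KeystorePreflight {
    // Store-related property names read by the JSSE default context.
    static final Set<String> KNOWN = new HashSet<>(Arrays.asList(
        "javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword",
        "javax.net.ssl.keyStoreType", "javax.net.ssl.keyStoreProvider",
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword",
        "javax.net.ssl.trustStoreType", "javax.net.ssl.trustStoreProvider"));

    // Report javax.net.ssl* options outside that list; a misspelled -D is silently ignored.
    static List<String> unknownProps(Properties p) {
        List<String> review = new ArrayList<>();
        for (String name : p.stringPropertyNames())
            if (name.startsWith("javax.net.ssl") && !KNOWN.contains(name)) review.add(name);
        return review;
    }

    // Try to recover every key entry with the store password, as the default context does.
    static Map<String, String> checkKeys(KeyStore ks, char[] storePw)
            throws KeyStoreException, NoSuchAlgorithmException {
        Map<String, String> result = new TreeMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) { result.put(alias, "certificate only"); continue; }
            try { ks.getKey(alias, storePw); result.put(alias, "key recovered"); }
            catch (UnrecoverableKeyException e) { result.put(alias, "cannot recover key with store password"); }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one key protected by the store password, one by its own password.
        char[] storePw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePw);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        ks.setKeyEntry("same-password", kg.generateKey(), storePw, null);
        ks.setKeyEntry("own-password", kg.generateKey(), "different".toCharArray(), null);
        System.out.println(checkKeys(ks, storePw));

        Properties p = new Properties();
        p.setProperty("javax.net.ssl.keyStore", "/path/to/keystore");  // placeholder path
        p.setProperty("javax.net.sslkeyStorePassword", "changeit");    // spelling used in the post's command
        System.out.println(unknownProps(p));
    }
}
```

To run the same checks against a real setup, load the keystore file into `ks` and pass `System.getProperties()` to `unknownProps`.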