MQSeries.net :: View topic - self signed + 3rd party cert SSL on 1 qmgr

tgow

Hi.

I would like to make this work if at all possible on ONE (1) queue manager.

I have one qmgr, in this example named QM1. I have 3 clients, we'll call them clientA, clientB, and clientC

Here's my system details:
QM1 is websphere MQ 5.3 cd07 on a sunOS / solaris 2.8 server.

I have a 3rd party Entrust cert, ibmwebspheremqqm1 which works perfectly fine for ClientA and ClientB. Both are using SDR/RCVR.

ClientC would like us to send a key after we make a request from their private CA for a ClientC self-signed private signing key for use on our QM1. (They are a Bank, and innately don't trust 3rd party for some reason.)

ClientC will be using SVR/RCVR, where we will be the inactive party awaiting inbound connections for gets and puts from our server will be done actively via the RCVR channel. I have no defintions set up for ClientC's connection yet, as I want to make sure this might work before I give it a go.

Basically, what I'd like to do is install this second certificate as well as their Private CA for use with only ClientC. Is there a way I can install this signing cert into our keystore/repository, and have the client specify in the SSLPEER definition (or some other field) that they'd like to use this secondary cert for SSL connectivity instead of the default 3rd party cert? I was thinking instead of naming it with a default label of "ibmwebspheremqqm1", perhaps I could make it something else like "ibmwebspheremq.qm1".

Perhaps using SSLPEER(OU="something different than our default cert")?

Is this feasible? Thoughts are very appreciated!

Thanks,
-Seth