| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ SSL with JMS client and WebLogic 8.1 |
« View previous topic :: View next topic » |
| Author |
Message
|
| bousquf |
 Posted: Wed Nov 30, 2005 1:39 pm Post subject: MQ SSL with JMS client and WebLogic 8.1 |
 |
|
Newbie
Joined: 30 Nov 2005
Posts: 3
|
I am running an MQSeries 5.3 CSD11 QManager on Solaris sparc 9 with SSL configuration.
I am trying to setup JMS connection over SSL with WebLogic 8.1.
Without SSL everything was running fine. With an SSL channel, I am not able to specify the location of the client keystore to the application (WebLogic).
When running ssl debug with WebLogic I got this:
| Code: |
<2005-11-30 15 h 46 EST> <Debug> <JMSConnector> <000000> <Getting the connection factory QCF...>
<2005-11-30 15 h 46 EST> <Debug> <JMSConnector> <000000> <QCF : Ok. Getting a Queue connection...>
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: /opt/bea_weblogic_81sp4/jdk142_05/jre/lib/security/cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure S
|
After that, it fails because it can't trust the qmanager's certificate. The CA is not in the JDK truststore.
I can't change the application code, but I am able to modify JNDI bindings and WebLogic config.
I've try specifying keystores location in the JNDI ConnectionFactory properties without success.
I don't want to put keystore password in the java command line startup of WebLogic.
-Djavax.net.ssl.keyStore=/domains/ease_eai/mqm/ssl/key.jks
-Davax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=/domains/ease_eai/mqm/ssl/key.jks
-Djavax.net.ssl.trustStorePassword=password
Where do I need to specify these ? |
|
| Back to top |
|
 |
| Tibor |
| Posted: Thu Dec 01, 2005 6:45 am Post subject: |
|
|
Grand Master
Joined: 20 May 2001
Posts: 1033
Location: Hungary
|
Try this way:
| Code: |
System.setProperty( "javax.net.ssl.keyStore", "key.jks");
System.setProperty( "javax.net.ssl.keyStorePassword", "password" );
System.setProperty( "javax.net.ssl.trustStore", "key.jks");
System.setProperty( "javax.net.ssl.trustStorePassword", "password" ); |
HTH,
Tibor |
|
| Back to top |
|
|
| bousquf |
| Posted: Thu Dec 01, 2005 6:50 am Post subject: |
|
|
Newbie
Joined: 30 Nov 2005
Posts: 3
|
Is there a way to do it without modifying Java application code ?
Can these parameters be passed to WebLogic foreign JMS server JNDI properties in any sort of way ? |
|
| Back to top |
|
|
| Tibor |
| Posted: Thu Dec 01, 2005 10:38 am Post subject: |
|
|
Grand Master
Joined: 20 May 2001
Posts: 1033
Location: Hungary
|
Sorry,
Ignore my last post, I was unobservant 
Tibor |
|
| Back to top |
|
|
| bousquf |
| Posted: Thu Dec 01, 2005 10:46 am Post subject: |
|
|
Newbie
Joined: 30 Nov 2005
Posts: 3
|
| Finally, I had no choice to change code to set new keystore/truststore for JVM. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
