| Author |
Message
|
| jeevan |
 Posted: Tue Mar 28, 2006 7:05 am Post subject: how to know ssl is implementated |
 |
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
Could you please give me some idea where should I check to know whether ssl is implementated. I went to /var/mqm/qmgrs/ssl the directory is enpty. I think, it keeps it certificate in this directory right?
thanks |
|
| Back to top |
|
 |
| sandiksk |
| Posted: Tue Mar 28, 2006 7:12 am Post subject: |
|
|
Centurion
Joined: 08 Jun 2005
Posts: 133
|
You could check and see in the channel attributes.  |
|
| Back to top |
|
|
| wschutz |
| Posted: Tue Mar 28, 2006 8:24 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
What do you mean "implemented"? That directory is where the MQ administrator could put SSL related files (key repository).
If you want to use SSL, then you should look at the "MQ Security" manual, which contains a fine description of setting up SSL for your platform.
_________________
-wayne |
|
| Back to top |
|
|
| jeevan |
| Posted: Tue Mar 28, 2006 8:26 am Post subject: |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
I am carrying out security audit. So, I have to check whether SSL is implemented. I mean used for security.
If the ssl folder is blank, it means no ssl implemented right?
thanks |
|
| Back to top |
|
|
| wschutz |
| Posted: Tue Mar 28, 2006 8:28 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
Maybe yes, maybe no. It depends on the setting of the SSLKEYR attribute of the qmgr.
_________________
-wayne |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Mar 28, 2006 10:38 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| jeevan wrote: |
| If the ssl folder is blank, it means no ssl implemented right? |
No, it means there is nothing in that folder.
The QM attribute needs to be checked like Wayne said, but more importantly, the channel defs need to be looked at. You could have 834 certificates on the machine. If not one channel is using them, then MQ is not using SSL on that server.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| vinoth |
| Posted: Tue Mar 28, 2006 7:57 pm Post subject: |
|
|
Apprentice
Joined: 03 Mar 2005
Posts: 31
|
I think jeevan is trying to figure out , how can we justify that the message is really encrypted bfore sending and in the same way it is decrypted before receiving.
Is that possible to capture the message anywhere in between encryption and decryption to show it is really encrypted..
This is wat security/audit guys look for....
Vinoth |
|
| Back to top |
|
|
| jpeela |
| Posted: Fri Apr 07, 2006 1:05 pm Post subject: |
|
|
Centurion
Joined: 23 Jan 2006
Posts: 139
|
vinoth,
| Quote: |
I think jeevan is trying to figure out , how can we justify that the message is really encrypted bfore sending and in the same way it is decrypted before receiving.
Is that possible to capture the message anywhere in between encryption and decryption to show it is really encrypted..
This is wat security/audit guys look for.... |
ya we I know that we can check wether message got encrypted using the server proxy and port sniffer program.which receives the content through a different port and show the encrypted message on the console.
_________________
Jogi |
|
| Back to top |
|
|
|
|
