deepu4u |
Posted: Thu Dec 21, 2006 3:19 am Post subject: help needed over ssl |
|
|
Apprentice
Joined: 20 Jun 2005 Posts: 37
|
I have written a java application which does the ssl handshake with the QM.
I'm using jks as my keystore type.
At run time I need to specify these system variables:
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
using command
java -Djavax.net.debug=ssl -Djavax.net.ssl.trustStore="C:\Documents and Settings\deeagarw\Desktop\SSLCertificate\thwate\newjks\cacerts" -Djavax.net.ssl.keyStore="C:\Documents and Settings\deeagarw\Desktop\SSLCertificate\thwate\newjks\jmskeystore" -Djavax.net.ssl.keyStorePassword=changeit TestMQ enqueue SSLTestQM test_in MYCHANNEL localhost 1469
This is fine with the standalone application.
Now I need to run this program in appserver where appserver is calling this class.
So to set these variables I can use System.setProperty(....) but this will change the system variables for the jvm of appserver, thus might screw up some other application. I need to set these properties per QM connection, not for the jvm.
Any help and pointer would be highly appreciated.
thanks,
deepak |
|
Vitor |
Posted: Thu Dec 21, 2006 3:26 am Post subject: Re: help needed over ssl |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
deepu4u wrote: |
Any help and pointer would be highly appreciated.
|
Has the Security manual's discussion of SSL, which also talks about the use of SSL with queue managers and channels, not provided the answers you need? Has this method proved a problem? What issues or restrictions has the appserver environment thrown up? _________________ Honesty is the best policy.
Insanity is the best defence. |
|
deepu4u |
Posted: Thu Dec 21, 2006 3:43 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2005 Posts: 37
|
No, that doc doesn't talk about it. There are no issues or restrictions as such with the appserver environment, but the moment some other application in the appserver changes these system variables, this application gets screwed up. |
|
Vitor |
Posted: Thu Dec 21, 2006 4:07 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
I'm confused - the manual describes setting the queue manager to use a key store and the channels to use that. How does that require the setting of system variables & how does that leak out into an app server environment? _________________ Honesty is the best policy.
Insanity is the best defence. |
|
deepu4u |
Posted: Thu Dec 21, 2006 4:29 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2005 Posts: 37
|
Here, I'm talking about the keystore and truststore that a client uses... |
|
Vitor |
Posted: Thu Dec 21, 2006 4:34 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
deepu4u wrote: |
Here, I'm talking about the keystore and truststore that a client uses... |
Exactly. If that's defined to the queue manager & the client channel, what have the system variables got to do with it?
Or have I got the wrong end of the wrong stick? _________________ Honesty is the best policy.
Insanity is the best defence. |
|
deepu4u |
Posted: Thu Dec 21, 2006 4:57 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2005 Posts: 37
|
I'll make it more clear here.
QM uses its own keystore and truststore.
But my client program is a java program and needs to have a keystore as well as a trust store. So to specify this I need to use system variables like javax.net.ssl.... I don't want to use these variables with -D options as this will change the variable value for all other applications running in that jvm. |
|
Vitor |
Posted: Thu Dec 21, 2006 5:01 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Fair enough. As I say a lot round here, what I know about Java would fit on a Post-It note, and you wouldn't have to write small.
I know that the MQ here uses Java clients & SSL, and just secures the channels via the queue manager. Presumably you're using a different design paradigm.
I'm sure a better Java person will be along in a minute.  _________________ Honesty is the best policy.
Insanity is the best defence. |
|
fjb_saper |
Posted: Thu Dec 21, 2006 2:03 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
deepu4u wrote: |
I'll make it more clear here.
QM uses its own keystore and truststore.
But my client program is a java program and needs to have a keystore as well as a trust store. So to specify this I need to use system variables like javax.net.ssl.... I don't want to use these variables with -D options as this will change the variable value for all other applications running in that jvm. |
So you need to code for it.
Use variables like MQ.qmgr.<name>.truststore etc... you get the drift.
In the communications you need to specify your own truststore instance etc.. and code around for not using the JVM's default...
Or add the certificates to the JVM's default truststore....
Enjoy  _________________ MQ & Broker admin |
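One way to "code for it" with plain JSSE, as an added example that is not part of the original thread or any poster's code: build an SSLSocketFactory from explicitly loaded JKS files, so no javax.net.ssl.* system property is read or changed. The class and method names are hypothetical, the key password is assumed to equal the keystore password, and handing the factory to the MQ client (for example through MQConnectionFactory.setSSLSocketFactory in the JMS classes) is an assumption to check against your client version.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public final class PerConnectionSsl {          // hypothetical helper class
    // Load a JKS file directly; a null password skips the integrity check.
    static KeyStore loadJks(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a socket factory bound to these two stores only. The JVM-wide
    // default SSLContext and system properties stay untouched.
    static SSLSocketFactory socketFactory(String keyStorePath, char[] keyStorePass,
                                          String trustStorePath, char[] trustStorePass)
            throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Assumption: each private key uses the same password as the keystore.
        kmf.init(loadJks(keyStorePath, keyStorePass), keyStorePass);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStorePath, trustStorePass));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Usage: java PerConnectionSsl <keystore> <keystorePass> <truststore> [truststorePass]
    public static void main(String[] args) throws Exception {
        char[] trustPass = args.length > 3 ? args[3].toCharArray() : null;
        SSLSocketFactory f =
                socketFactory(args[0], args[1].toCharArray(), args[2], trustPass);
        System.out.println("factory ready, default suites: "
                + f.getDefaultCipherSuites().length);
        // Pass f to the MQ connection being created instead of calling
        // System.setProperty(...), so other applications in the JVM are unaffected.
    }
}
```

Store paths and passwords can then come from per-queue-manager configuration entries rather than -D options.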