SSL on 5.3 please help
weq92f
Posted: Thu Nov 01, 2007 1:59 pm    Post subject: SSL on 5.3 please help

Newbie

Joined: 01 Nov 2007
Posts: 2

I'm attempting to set up SSL against a basic 5.3 MQ system on UNIX. I have only local queues which are accessed from remote via MQclient to put/get and accessed locally to get/put via Java.

I'm new to SSL in general and am finding it very difficult to understand the related IBM MQ documentation.

Can someone point me to a good tutorial or guide for setting up SSL on MQSeries channels?

The goal is to require authentication ( userid/password ) and encrypt the data going through the queues.

Questions for now:
What are the main steps to get SSL up with the above characteristics?
These are what I've gotten from the docs:
1) create the keystore
2) create certificates
3) set SSLCIPH, SSLCAUTH in the channel definition ( SVRCONN )
4) there must be more to it than this?
What type of keystore should I create given the above access methods?
Can I get by using self-signed certificates ( this is an intranet app )? If not how/where do I find a CA to build real certs for me?
Are local connections ( those initiated from the MQ server running as the owner of all MQ objects ) required to go through SSL auth once this stuff is set up?

I know, clueless eh!

Thanks,

-klb
PeterPotkay
Posted: Thu Nov 01, 2007 4:38 pm    Post subject: Re: SSL on 5.3 please help

Poobah

Joined: 15 May 2001
Posts: 7722

weq92f wrote:
I'm attempting to set up SSL against a basic 5.3 MQ system

Upgrade to 6.0! 5.3 is no longer supported.


Anyway, for SSL help (the wizard is particularly good):

MC6C: WebSphere MQ - How to Configure SSL

MH03: WebSphere MQ SSL Configuration Checker

MO04: WebSphere MQ SSL Wizard
_________________
Peter Potkay
Keep Calm and MQ On
weq92f
Posted: Fri Nov 02, 2007 10:18 am

Newbie

Joined: 01 Nov 2007
Posts: 2

Sorry, not an option to upgrade.

After completing what I think is a good SSL config, I can connect and write messages onto a Queue without using a cert or requiring any SSL specific code from the MQserver. Trying to do the same from remote causes an error, but I'm using the sample programs to do so and I don't believe they support SSL:

MQSERVER=<CHANNEL_NAME>/TCP/<IPADDRESS>(port)
export MQSERVER

amqsputc QNAME QMANAGERNAME
Sample AMQSPUT0 start
MQCONN ended with reason code 2393

Server log shows:
Remote channel '<CHANNEL_NAME>' did not specify a CipherSpec

How to specify the CIPHERSPEC for simple command line testing?

Trying to use JAVA from the client, I find that the /opt/mqm/java JAVA_HOME area does NOT have javax.net.ssl and so the java program blows up with this error:

java.lang.NoClassDefFoundError: javax/net/ssl/HandshakeCompletedListener

Where can I download the javax.net.ssl library or JAR files? I've looked all over sun.com and Google to no avail. All I can find are complete JDK/JRE installations containing the JSSE code but MQ requires that JAVA_HOME be set to /opt/mqm/java right? What to do?

Thanks

-klb
bbburson
Posted: Fri Nov 02, 2007 10:23 am

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager

You cannot use MQSERVER variable to connect to an SSL channel. I'm sure that's mentioned in one or more of the links PeterPotkay provided.
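
For command-line tests with the C samples, the CipherSpec comes from a CLNTCONN definition (with SSLCIPH) in the client channel definition table, found through MQCHLLIB and MQCHLTAB, and the key repository is named by MQSSLKEYR. The shell preflight below is an added example, not part of this thread or of IBM's tooling; the function name mq_ssl_client_preflight is hypothetical, and the /var/mqm and AMQCLCHL.TAB fallbacks are assumed to be the UNIX client defaults.

```shell
#!/bin/sh
# Added example: preflight for an MQ C client (such as amqsputc) that has to
# reach an SSL-enabled SVRCONN. Prints each problem found; the return status
# is the number of problems. The function name is hypothetical, not an IBM tool.
mq_ssl_client_preflight() {
    problems=0

    # MQSERVER has no field for a CipherSpec, and while it is set the client
    # uses it in preference to the client channel definition table.
    if [ -n "${MQSERVER:-}" ]; then
        echo "MQSERVER is set ($MQSERVER): unset it for an SSL channel"
        problems=$((problems + 1))
    fi

    # The CLNTCONN definition carrying SSLCIPH is read from the channel table.
    # Assumption: /var/mqm and AMQCLCHL.TAB are the UNIX defaults when unset.
    tab="${MQCHLLIB:-/var/mqm}/${MQCHLTAB:-AMQCLCHL.TAB}"
    if [ ! -r "$tab" ]; then
        echo "channel table not readable: $tab"
        problems=$((problems + 1))
    fi

    # MQSSLKEYR is the key repository stem: full path without the .kdb suffix.
    # The stashed password file (.sth) has to sit beside the .kdb file.
    if [ -z "${MQSSLKEYR:-}" ]; then
        echo "MQSSLKEYR is not set"
        problems=$((problems + 1))
    else
        case "$MQSSLKEYR" in
            *.kdb) echo "MQSSLKEYR must not include the .kdb suffix"
                   problems=$((problems + 1)) ;;
        esac
        stem="${MQSSLKEYR%.kdb}"
        for ext in kdb sth; do
            if [ ! -r "$stem.$ext" ]; then
                echo "missing or unreadable: $stem.$ext"
                problems=$((problems + 1))
            fi
        done
    fi
    return "$problems"
}
```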