| Author |
Message
|
| asincero |
 Posted: Mon Nov 19, 2007 7:49 am Post subject: Converting a Windows client to use SSL hints. |
 |
|
Novice
Joined: 13 Mar 2003
Posts: 18
|
I wrote a Windows client in C that I need to modify so that it talks to the MQ server over SSL. Either the information on how to do this is a little sketchy in the reference manuals or I'm too stupid, but I'm having some difficulty on figuring out how to do this.
Do I just use MQCONNX() instead of MQCONN(), specify the SSL-related fields "SSLCipherSpec" and "KeyRepository", and I'm good to go? I guess this sounds easy enough. Almost too easy. I haven't tried it out yet because I'm waiting on the MQ guys here to set me up a test connection to the server with SSL enabled. What should I set for KeyRepository? Can it be any old directory so as long as the client process can write to it?
Thanks in advance for any help with this. |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon Nov 19, 2007 7:59 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Or set the SSL parameters in the client channel and use the resulting client table to connect.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| asincero |
| Posted: Mon Nov 19, 2007 8:12 am Post subject: |
|
|
Novice
Joined: 13 Mar 2003
Posts: 18
|
| Vitor wrote: |
| Or set the SSL parameters in the client channel and use the resulting client table to connect. |
Is that all there is to it? No additional configuration on the client side required?
Also, about my KeyRepository question ... do have any insight you could share with me?
Thanks! |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Nov 19, 2007 8:17 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| asincero wrote: |
Also, about my KeyRepository question ... do have any insight you could share with me?
|
It needs to be accessable to the client, but why would the client be writing to it?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Nov 19, 2007 1:43 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
The key repository directory needs to be the one that you have populated a valid GSKit keyring into.
Ask your MQ administrator what directory that should be, based on how they have configured the MQ client channel in the client channel table they have provided you.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Nov 19, 2007 2:05 pm Post subject: |
|
|
Guest
|
| You might also want to read the relevant sections of the MQ Security and MQ Clients manuals. |
|
| Back to top |
|
|
|
|
