| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL and clustering |
« View previous topic :: View next topic » |
| Author |
Message
|
| sebastia |
 Posted: Sat Aug 09, 2008 8:43 am Post subject: SSL and clustering |
 |
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Hi all.
My customer uses a MQ cluster in their applications.
Now, they want to improve their security and use SSL.
I have been told that ALL queue managers in the cluster
must use the same certificate,
but I can't find any documentation about this point.
I am reading "Security" = SC34-6588-01, and
"Clusters" = SC34-6589-00, all on MQ v 6.0
Any pointer is welcome. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sat Aug 09, 2008 10:27 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I think if you read carefully it will mean that each qmgr in the cluster must have
- It's own certificate on the keyring
- The certificate of each other qmgr in the cluster on the keyring
Now I do know that the CLUSRCVR channel makes a template for the different sender channels to be created. Don't know how that translates to SSL. If you want a peer to peer verification with peer names in the channel that would not work... It might work if all you're going for is encryption...
Have you thought about looking at MQIPT? I believe it has a cluster scenario
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Sat Aug 09, 2008 5:16 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
|
| Back to top |
|
|
| exerk |
| Posted: Sun Aug 10, 2008 4:29 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| fjb_saper wrote: |
| ...If you want a peer to peer verification with peer names in the channel that would not work... |
I think it can be made to work by using cluster names in the peer name. I'm trying to remember if the site I was on used it on cluster channels, or whether failing memory makes me think I've seen that method used - just one more thing on the list of things to try when I have the time!
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| sebastia |
| Posted: Sun Aug 10, 2008 9:48 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Peter : exactly the kind of pointer i was asking for .... thans a lot
mqipt - no, had no idea, but can think on it ... thanks. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
