ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » Control access to SVRCONN using SSL

Post new topic  Reply to topic
 Control access to SVRCONN using SSL « View previous topic :: View next topic » 
Author Message
WBI_user
PostPosted: Wed Sep 17, 2008 6:35 am    Post subject: Control access to SVRCONN using SSL Reply with quote

Partisan

Joined: 07 Aug 2001
Posts: 386
I have set up SSL for MQCLients on Windows to acess my AIX servers. I am running MQ V6.
I have a SVRCONN channel for MQ admimistrator (ADM.SVRCONN) and a SVRCONN channel for genersl users (USER.SVRCONN).
How can I have the ADM group users running Windows MQ client to have access to both SVRCONN channels and block all general users from the ADM.SVRCONN.

I did some reading and I am using SSLPEER to restrict access.
Here is my test setup
ADM MQ client (USERID = adm.user1) certificate is like
ibmwebspheremqadm.user1 with CN=MQADM
the ADM.SVRCONN channel has SSLPEER with CN=MQADM

General MQ client (USERID = mq.user1) certificate is like
ibmwebspheremqmq.user1 with CN=MQUSER
the USER.SVRCONN channel has SSLPEER with CN=MQUSER

But this will block the ADM group from USER.SVRCONN channel.

Any suggestion?
Back to top
View user's profile Send private message
Tibor
PostPosted: Fri Sep 19, 2008 1:25 am    Post subject: Reply with quote

Grand Master

Joined: 20 May 2001
Posts: 1033
Location: Hungary
Try using O or OU ('Organization' / 'Organizational Unit') in SSLPEER, similar to the group-based authentication of operating systems.

Details in the infocenter: http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/topic/com.ibm.mq.csqzac.doc/pc11020_.htm

Hope this helps,
Tibor
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » Control access to SVRCONN using SSL
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.