ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MQ SSL Installation

Post new topic  Reply to topic
 MQ SSL Installation « View previous topic :: View next topic » 
Author Message
solomon_13000
PostPosted: Wed Sep 24, 2008 10:42 pm    Post subject: MQ SSL Installation Reply with quote

Master

Joined: 13 Jun 2008
Posts: 284
1. Create a cert database
2. Add the .crt cert into the cert database
3. Add the .p12 cert into the cert database

According to my installation guide, I have to deploy the .crt cert first and then only I can deploy the .p12 cert. The difference between the two cert is .crt cert is a CA cert and the .p12 cert is a personal certificate used by the queue manager. How does both the cert differ in terms of deployment procedure?. In other words why first deploy .crt cert then second deploy .p12 cert.
Back to top
View user's profile Send private message
solomon_13000
PostPosted: Fri Sep 26, 2008 9:56 am    Post subject: Reply with quote

Master

Joined: 13 Jun 2008
Posts: 284
Jack (Client) and Jill (Server)

1. Jack will send some random text, chiperspec and compression that Jack can use to Jill.

2. Jill will send some random text, chiperspec and compression choosen from Jack's list. Jill will also send the server cert to Jack. Jill will also request for the client cert from Jack. Jill will also send the public key to Jack.

3. Jack will verify the server cert. Jack will use the CA public key to decrypt and verify the server cert.

4. Jack will send a secret key to Jill. This key will be encrypted using Jill's public key. Jack will also send the client cert to Jill.

5. Jill will verify the client cert. Jill will use the CA public key to decrypt and verify the client cert.

6. Using this secret key a secure communication will take place between the client and server.
Back to top
View user's profile Send private message
zhanghz
PostPosted: Sun Sep 28, 2008 8:14 pm    Post subject: Reply with quote

Disciple

Joined: 17 Jun 2008
Posts: 186
you can read a little bit more on how CA certs work and what is certificate chain.

anyway, if you try to add personal cert without its CA certs in key database yet, you will most probably get an error.
Back to top
View user's profile Send private message
gs
PostPosted: Mon Oct 06, 2008 12:37 am    Post subject: Reply with quote

Master

Joined: 31 May 2007
Posts: 254
Location: Sweden
That's because the personal certificate (p12) refers to the CA (crt). The p12 without the crt would be not-trusted. I'd recommend Keytoolgui or similar to view the structure of the certificate files.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MQ SSL Installation
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.