| Author |
Message
|
| varya |
 Posted: Thu Oct 23, 2008 6:51 am Post subject: SSL between z/OS-Queue Manager And solaris-MQ client |
 |
|
Newbie
Joined: 23 Oct 2008
Posts: 3
|
We are trying to establish a SSL channel between queue manager running on a mainframe(zOS) and an MQ client 6.0 running on Solaris 8.
We have installed all required certificates etc. I understand that on the MQ client, we need a client definition table (i.e .TAB file) to be able to create connection on a SSL channel. How could we create this .TAB file ? Could we create it using any utilities on the MQ client as opposed to the server since there is some limitation on being able to create this file on z/OS.
Or is there any other way to establish SSL connection to the queue manager running on zOS . Please note we do not have the luxury of changing the API being used to connect to the Queue Manager from the client...as the software on the client side is a third party software.
Any help is greatly appreciated. |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Thu Oct 23, 2008 7:17 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
check the z/OS system administration guide, the channel table can be created with CSQUTIL. what kind of creation-limitation did you mean?
and please do not double-post.
_________________
Regards, Butcher |
|
| Back to top |
|
|
| varya |
| Posted: Thu Oct 23, 2008 7:46 am Post subject: |
|
|
Newbie
Joined: 23 Oct 2008
Posts: 3
|
Thanks Butcher. I will not double post in future.
Is it possible to create the channel definition file on a server other than the mainframe (despite the fact that the queue manager is running on mainframe) and then use it on the client to connect to the queue manager running on the mainframe. ... (I own the client side and not the server side - We are just not getting enough support from the mainframe guys ... and I was hoping we could just create this on our own as opposed to begging them..) |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Oct 23, 2008 7:47 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You can create the CLNTCONN on any queue manager, as long as it has all of the correct information to connect to the zOS qmgr.
This will then populate the TAB file on that qmgr, which can be moved to the client side. |
|
| Back to top |
|
|
| zhanghz |
| Posted: Thu Oct 23, 2008 10:48 pm Post subject: |
|
|
Disciple
Joined: 17 Jun 2008
Posts: 186
|
| yes, as mqjeff said.. I have done that to SSL-connect to z/OS QMGRs using MQ Explorer installed on my windows laptop. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Oct 24, 2008 12:46 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| varya wrote: |
Thanks Butcher. I will not double post in future.
Is it possible to create the channel definition file on a server other than the mainframe (despite the fact that the queue manager is running on mainframe) and then use it on the client to connect to the queue manager running on the mainframe. ... (I own the client side and not the server side - We are just not getting enough support from the mainframe guys ... and I was hoping we could just create this on our own as opposed to begging them..) |
You said you don't control the zOS side. However if they don't have the CAF (client attachment facility) none of your efforts will work. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri Oct 24, 2008 12:02 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9470
Location: US: west coast, almost. Otherwise, enroute.
|
With practice, begging mainframe techs is only slightly more annoying than begging UNIX, Windows or network techs.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Oct 24, 2008 12:26 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| bruce2359 wrote: |
| With practice, begging mainframe techs is only slightly more annoying than begging UNIX, Windows or network techs. |
It can be more expensive, though.
Most distributed techs haven't been in the business long enough to require single malt recovery. |
|
| Back to top |
|
|
|
|
