ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » SSL Hand shake Failure between MQ Client and Server Communic

Post new topic  Reply to topic
 SSL Hand shake Failure between MQ Client and Server Communic « View previous topic :: View next topic » 
Author Message
skalanatham
PostPosted: Mon Mar 29, 2010 2:48 am    Post subject: SSL Hand shake Failure between MQ Client and Server Communic Reply with quote

Newbie

Joined: 10 Jun 2008
Posts: 1
We have got a problem in critical Payments environment, where SSL handshake between MQ client and MQ server is failing. The details are as below:

MQ client personal certificate is signed by CA3 signing authority, but MQ server personal certificate is signed by CA2 signing authority. However both the key database have trusted root certificate of both the authorities (CA2 and CA3). Above all MQ client is .jks key database and MQ server is .kdb key database.

MQ Client Ver: 6.0.2.2
MQ Server Ver: 6.0.2.2
OS Level: AIX v5.3.0.0

Now, Is this mandatory for Client to have the personal certificate signed by the same Signing Authority / will this be fine if it has the root and inter certificate of the server certificate in order to establish communication?
Back to top
View user's profile Send private message
exerk
PostPosted: Mon Mar 29, 2010 3:35 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339
Take a look at the MH03 SupportPac which deals with SSL configurations, but so long as you remember the basics, which are:

1. All trust stores (jks) or key stores (cms) need CA-certificate copies for all peer and personal certificates that will be used/flowed.

2. The label for a client (NOTE: 'true' client, not a 'client' queue manager) must follow the correct construction.

skalanatham wrote:
Now, Is this mandatory for Client to have the personal certificate signed by the same Signing Authority / will this be fine if it has the root and inter certificate of the server certificate in order to establish communication?


I'm not sure what you mean by this question. If you mean '...do you need the CA certificate used to sign the clients certificate in the client trust store?...", then yes (see 1. above).

And apply maintenance because you're way behind...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » SSL Hand shake Failure between MQ Client and Server Communic
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.