| Author |
Message
|
| nabanita |
 Posted: Fri Jan 07, 2011 1:04 am Post subject: How to configure secure channel connection in MQ 7.0? |
 |
|
Newbie
Joined: 01 Dec 2008
Posts: 8
|
Hi,
Can anybody help me to guide me to configure secure channel connection in MQ 7.0?
Thanks!! |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Fri Jan 07, 2011 1:28 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
read the manuals first. also search here. ssl seems to be your friend. in addition, there are security exits that can help. or both.
depends on what you exactly want to achieve....
_________________
Regards, Butcher |
|
| Back to top |
|
|
| nabanita |
| Posted: Fri Jan 07, 2011 2:46 am Post subject: |
|
|
Newbie
Joined: 01 Dec 2008
Posts: 8
|
Hi Butcher,
I need to configure SSL on MQ 7.0. I am new to this MQ. Kindly help me to configure it.
Thanks!!
Nabanita. |
|
| Back to top |
|
|
| Mr Butcher |
| Posted: Fri Jan 07, 2011 3:22 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
go do some efforts on your own. ssl is very well described in the manuals, has been discussed here, there are also redbooks and supportpacs available.
if you are not interested in all that and just want the solution, then pay for it. this site is not a "we do your work for free" - service.
_________________
Regards, Butcher |
|
| Back to top |
|
|
| HubertKleinmanns |
| Posted: Fri Jan 07, 2011 3:30 am Post subject: |
|
|
Shaman
Joined: 24 Feb 2004
Posts: 732
Location: Germany
|
| Mr Butcher wrote: |
go do some efforts on your own. ssl is very well described in the manuals, has been discussed here, there are also redbooks and supportpacs available.
if you are not interested in all that and just want the solution, then pay for it. this site is not a "we do your work for free" - service. |
Additionally IBM offers several administration and development courses about MQ.
_________________
Regards
Hubert |
|
| Back to top |
|
|
| nabanita |
| Posted: Fri Jan 07, 2011 3:51 am Post subject: |
|
|
Newbie
Joined: 01 Dec 2008
Posts: 8
|
Hi Buthcher,
Till now what ever post I have gone through none describes well about how to configure it. I only asked for help  as I am new to it and I know well nobody here does free of work task. I asked to share knowledge not to send teaser.
Thanks!!
Nabanita |
|
| Back to top |
|
|
| zpat |
| Posted: Fri Jan 07, 2011 3:58 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| What type of channel? Client to QM, or QM to QM? |
|
| Back to top |
|
|
| nabanita |
| Posted: Fri Jan 07, 2011 4:22 am Post subject: |
|
|
Newbie
Joined: 01 Dec 2008
Posts: 8
|
Hi,
It's QM to QM.
Thanks!!
Nabanita |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jan 07, 2011 5:02 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| So you configure a keystore on each qm. Then you configure the sdr/rcvr channels to use SSL. |
|
| Back to top |
|
|
| HubertKleinmanns |
| Posted: Fri Jan 07, 2011 5:05 am Post subject: |
|
|
Shaman
Joined: 24 Feb 2004
Posts: 732
Location: Germany
|
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jan 07, 2011 5:09 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
And then you decide if securing the network layer actually meets any of your official criteria for "security".
Because just because the channel between two qms is secure, doesn't mean that in any way either of the QMs themselves are secure. |
|
| Back to top |
|
|
| zpat |
| Posted: Fri Jan 07, 2011 5:13 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
To be fair, this is quite a steep learning curve. There are some support pacs which help, one that checks the SSL set up is particularly useful.
Issues such as self-signed, or CA signed certs need to be thought about. But the documentation is the place to start, use the forum when you can't get it to work despite the documentation, rather than without it. |
|
| Back to top |
|
|
| nabanita |
| Posted: Fri Jan 07, 2011 5:28 am Post subject: |
|
|
Newbie
Joined: 01 Dec 2008
Posts: 8
|
| Thanks to who ever has replied me!!! Can you just let me know setting security between QM's will secure the channel also or do I need to secure the channel also separately? |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 07, 2011 5:31 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| nabanita wrote: |
| I need to configure SSL on MQ 7.0. I am new to this MQ. Kindly help me to configure it. |
The problem, especially with this topic, is there's no "help" we can provide that's better than the documented procedure. SSL (like many things) requires you to make a lot of decisions based on site requirements, site standards and similar. The example of CA or self signed from my worthy associate is a good example; we can't know what you've got set up, what you could set up or what you're allowed to set up.
You should also assume that at this point I've given the standard speech on how this forum isn't set up as a training resource and you'd get better training elsewhere.
As has been said in this thread, this forum is a good place to come when you've tried to set something up and can't get it to work.
If you're new to WMQ, I add my voice to the choir regarding formal training. This is not a simple product, and security is not the easiest part of it. Once you've got SSL configured, you'll then need to answer the question of mqjeff about if it's actually what you need.
This has nothing to do with being told by client or management to install SSL as a task. They may have said that's what they want, in many cases it's not what they mean or what they need.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 07, 2011 5:33 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| nabanita wrote: |
| Can you just let me know setting security between QM's will secure the channel also or do I need to secure the channel also separately? |
The question is meaningless. How can you set security between queue managers without involving the channels, and how can you secure the channel independantly of the queue manager?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
