ws-security and multiple clients
kenward
Posted: Mon Mar 21, 2011 12:45 pm    Post subject: ws-security and multiple clients

Apprentice

Joined: 01 Jun 2010
Posts: 41
Location: Detroit, MI

Hi All,

All this is in Broker V7 (latest FP).

I'm trying to set up a SOAP input node so that all clients must sign the body of the message with their own certificate.

I have this working fine when there's only one client. But I can't figure out how to tell the policy editor that there is more than one client.

I tried putting 'Any' in the DN and Alias with the trust set to 'TrustStore' but then it seems to be looking for an 'Any' alias in the trust store.

And the bindings editor won't let me add a new line for the 2nd client certificate.

The doc for TrustAny seems to indicate that it won't validate the cert against the trust store but trust any cert from anywhere.

Any ideas?
mqjeff
Posted: Mon Mar 21, 2011 2:48 pm

Grand Master

Joined: 25 Jun 2008
Posts: 17447

You typically choose to trust the signer of the client certificate, rather than specifically trusting each individual certificate itself.

If you are using self-signed certificates, you have to add all of the client certs as signer certs to the SSL server's keychain.
fjb_saper
Posted: Mon Mar 21, 2011 7:33 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

mqjeff wrote:
You typically choose to trust the signer of the client certificate, rather than specifically trusting each individual certificate itself.

If you are using self-signed certificates, you have to add all of the client certs as signer certs to the SSL server's keychain.

This is why, in these cases, instead of using self-signed certs, use certs signed by your internal certificate authority. They work just like normal CA certs except that they are free... and are closer in behavior to what you'd be using in production (official CA-signed certs).
_________________
MQ & Broker admin
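
The trust model described in the two replies above, as an added example that is not part of the original thread: it uses the openssl CLI (assumed 1.1.1 or later) to stand in for the broker's truststore, and the names lab-ca, clientA/clientB and selfA/selfB are constructed for the demo. One CA signer entry validates every client that CA issued, while self-signed clients each need their own signer entry.

```shell
#!/usr/bin/env bash
# Added illustration with a constructed throwaway PKI; not broker configuration.
# PEM bundles stand in for the truststore's signer entries.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
cat > "$W/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# self_signed NAME: new key plus self-signed certificate in $W/NAME.pem
self_signed() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$W/pki.cnf" \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
# ca_signed NAME: new key plus certificate issued by the lab CA
ca_signed() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/pki.cnf" \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/lab-ca.pem" -CAkey "$W/lab-ca.key" \
    -CAcreateserial -days 30 -out "$W/$1.pem" 2>/dev/null
}
# trusted STORE CERT: succeeds only if CERT chains to a signer held in STORE
trusted() { openssl verify -CAfile "$W/$1" "$W/$2" >/dev/null 2>&1; }

self_signed lab-ca
ca_signed clientA; ca_signed clientB
self_signed selfA; self_signed selfB
cp "$W/lab-ca.pem" "$W/ca-store.pem"   # one signer entry covers all issued clients
cp "$W/selfA.pem" "$W/self-store.pem"  # self-signed: one signer entry per client

for c in clientA clientB; do
  trusted ca-store.pem "$c.pem" && echo "$c: trusted via the lab CA entry"
done
trusted self-store.pem selfA.pem && echo "selfA: trusted via its own entry"
trusted self-store.pem selfB.pem || echo "selfB: rejected, no signer entry yet"
cat "$W/selfB.pem" >> "$W/self-store.pem"
trusted self-store.pem selfB.pem && echo "selfB: trusted once added as a signer"
```

Trusting a signer accepts every certificate that signer issues, so the lab CA's private key needs the same protection as the truststore itself.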
kenward
Posted: Tue Mar 22, 2011 4:26 am

Apprentice

Joined: 01 Jun 2010
Posts: 41
Location: Detroit, MI

Thanks guys. I see now what needs to be done.