| Author |
Message
|
| DTran |
 Posted: Tue Jul 19, 2011 4:56 am Post subject: Using secured SVRCONN channel with SmartCard |
 |
|
Acolyte
Joined: 11 May 2006
Posts: 62
Location: Amsterdam
|
Hi,
I have a question: I want to use SSL secure SVRCONN channel to monitor qmgrs. I managed to get it works with personal certificate, but it is against the company rules 
So i try to use personal SmartCard, I have extracted my certificate but can't import to the key.kdb. Did anybody knows how to "linked" the SmartCard to a kdb?
Or how to monitor qmgrs via secured the SVRCONN channel using SmartCard?
_________________
There are 10 types of people in this world - those who understand binary and those who don't |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Jul 19, 2011 1:43 pm Post subject: Re: Using secured SVRCONN channel with SmartCard |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| DTran wrote: |
Hi,
I have a question: I want to use SSL secure SVRCONN channel to monitor qmgrs. I managed to get it works with personal certificate, but it is against the company rules
So i try to use personal SmartCard, I have extracted my certificate but can't import to the key.kdb. Did anybody knows how to "linked" the SmartCard to a kdb?
Or how to monitor qmgrs via secured the SVRCONN channel using SmartCard?
|
What format did you extract the certificate in? X509? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| DTran |
| Posted: Wed Jul 20, 2011 12:14 am Post subject: |
|
|
Acolyte
Joined: 11 May 2006
Posts: 62
Location: Amsterdam
|
Tx for your reply fjb,
It is extracted in der-type (binary), I guess it is X509.
_________________
There are 10 types of people in this world - those who understand binary and those who don't |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Jul 20, 2011 8:28 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Does the company believe a personal smart-card will be more secure than a personal certificate?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| DTran |
| Posted: Wed Jul 20, 2011 11:59 pm Post subject: |
|
|
Acolyte
Joined: 11 May 2006
Posts: 62
Location: Amsterdam
|
I know.. don't ask me i am not making the rules  But this is what I am facing up right now. I also found out some difference between the content of the SmartCard (SC) and the p12.
On my workstation I log on with a ID e.g. AA11BB while on my SmartCard it contains my name e.g. DTRAN.
I guess the SVRCONN under water sends my logon ID to the queue manager. Am I correct? Because I manage to extract the content of my SC and put it into a key.kdb but the connection failed with
"AMQ9633: Bad SSL certificate for channel 'SYSTEM.ADMIN.SVRCONN'."
If the workstation ID is sent then I can request for a SC with workstation ID
_________________
There are 10 types of people in this world - those who understand binary and those who don't |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jul 21, 2011 7:51 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
From these post it looks like you have a limited understanding of how SSL works.
Don't play around with the certs. Enroll the help of the security and MQ admins.
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
