Author |
Message
|
DTran |
Posted: Tue Jul 19, 2011 4:56 am Post subject: Using secured SVRCONN channel with SmartCard |
|
|
Acolyte
Joined: 11 May 2006 Posts: 62 Location: Amsterdam
|
Hi,
I have a question: I want to use SSL secure SVRCONN channel to monitor qmgrs. I managed to get it works with personal certificate, but it is against the company rules
So i try to use personal SmartCard, I have extracted my certificate but can't import to the key.kdb. Did anybody knows how to "linked" the SmartCard to a kdb?
Or how to monitor qmgrs via secured the SVRCONN channel using SmartCard?
_________________ There are 10 types of people in this world - those who understand binary and those who don't |
|
Back to top |
|
|
fjb_saper |
Posted: Tue Jul 19, 2011 1:43 pm Post subject: Re: Using secured SVRCONN channel with SmartCard |
|
|
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20696 Location: LI,NY
|
DTran wrote: |
Hi,
I have a question: I want to use SSL secure SVRCONN channel to monitor qmgrs. I managed to get it works with personal certificate, but it is against the company rules
So i try to use personal SmartCard, I have extracted my certificate but can't import to the key.kdb. Did anybody knows how to "linked" the SmartCard to a kdb?
Or how to monitor qmgrs via secured the SVRCONN channel using SmartCard?
|
What format did you extract the certificate in? X509? _________________ MQ & Broker admin |
|
Back to top |
|
|
DTran |
Posted: Wed Jul 20, 2011 12:14 am Post subject: |
|
|
Acolyte
Joined: 11 May 2006 Posts: 62 Location: Amsterdam
|
Tx for your reply fjb,
It is extracted in der-type (binary), I guess it is X509. _________________ There are 10 types of people in this world - those who understand binary and those who don't |
|
Back to top |
|
|
bruce2359 |
Posted: Wed Jul 20, 2011 8:28 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008 Posts: 9402 Location: US: west coast, almost. Otherwise, enroute.
|
Does the company believe a personal smart-card will be more secure than a personal certificate? _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Back to top |
|
|
DTran |
Posted: Wed Jul 20, 2011 11:59 pm Post subject: |
|
|
Acolyte
Joined: 11 May 2006 Posts: 62 Location: Amsterdam
|
I know.. don't ask me i am not making the rules But this is what I am facing up right now. I also found out some difference between the content of the SmartCard (SC) and the p12.
On my workstation I log on with a ID e.g. AA11BB while on my SmartCard it contains my name e.g. DTRAN.
I guess the SVRCONN under water sends my logon ID to the queue manager. Am I correct? Because I manage to extract the content of my SC and put it into a key.kdb but the connection failed with
"AMQ9633: Bad SSL certificate for channel 'SYSTEM.ADMIN.SVRCONN'."
If the workstation ID is sent then I can request for a SC with workstation ID _________________ There are 10 types of people in this world - those who understand binary and those who don't |
|
Back to top |
|
|
fjb_saper |
Posted: Thu Jul 21, 2011 7:51 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20696 Location: LI,NY
|
From these post it looks like you have a limited understanding of how SSL works.
Don't play around with the certs. Enroll the help of the security and MQ admins.
Have fun _________________ MQ & Broker admin |
|
Back to top |
|
|
|