ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » sos about ssl

Post new topic  Reply to topic
 sos about ssl « View previous topic :: View next topic » 
Author Message
sahamidas
PostPosted: Tue Aug 28, 2012 3:07 am    Post subject: sos about ssl Reply with quote

Novice

Joined: 03 Mar 2012
Posts: 17
Hi all
I use message broker v 7.0.0.4
For use SSL i create keystore and self_signed with Ikeyman , after config MQ & broker for it i get following error :

Code:

Error  BIP3541E: Cannot find a valid SSL server key in the keystore (port '20000').
The TCP/IP SSL server configured for port '20000' could not accept a client connection, because the keystore does not contain a valid server key.
Ensure that a valid key is present in either the broker keystore, or the execution group keystore, if one has been configured.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Tue Aug 28, 2012 4:32 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
List all of the exact steps you took with ikeyman to create the keystore and certificate.

List all of the exact steps you took to configure the broker to use the keystore you created with ikeyman.
Back to top
View user's profile Send private message
sahamidas
PostPosted: Tue Aug 28, 2012 5:13 am    Post subject: Reply with quote

Novice

Joined: 03 Mar 2012
Posts: 17
Config in Ikeyman
1- Create mykeystore.jks in section Personal Certificate on location "C:\SSL\"
2- Create new self_signed with lable ="sig" key size = 1024 and signature alg = SHA1WithRSA
3- Extract certificate to above directory
--------------------------------------------
Config in MQ
1- Create configurable service TCP/IP server with SSLProtocol = SSLv3 and SSLciphers = SSL_RSA_WITH_DES_CBC_SHA and Port = 20000
2- In properties of QManager in section SSL , i set "C:\SSL\" in key repository
--------------------------------------------
Config in flow
1- Set name of configurable service in connection details of TCPIP Server node in flow
Back to top
View user's profile Send private message
mqjeff
PostPosted: Tue Aug 28, 2012 5:22 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
Show the documentation that says that a .jks (java keystore) is the correct form of keystore to use for this.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » sos about ssl
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.