ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » Adding intermediate certificate for 2 MQ client servers

Post new topic  Reply to topic
 Adding intermediate certificate for 2 MQ client servers « View previous topic :: View next topic » 
Author Message
KIT_INC
PostPosted: Thu Nov 13, 2014 8:04 pm    Post subject: Adding intermediate certificate for 2 MQ client servers Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 589
I am running MQ V7 and need to set up SSL connection request from 2 Qmgrs from another company. They gave me 2 p7b files (cert1.p7b, cert2.pcb) without any instruction. I convert them to .cer and found out that

cert1.p7b.cer contains
subject=/C=CA/O=aa./OU=Certification Services/CN=cc Issuing CA1
issuer=/C=CA/O=aa./OU=Certification Services/CN=cc Root CA
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
subject=/C=CA/O=aa./OU=Certification Services/CN=cc Root CA
issuer=/C=CA/O=aa./OU=Certification Services/CN=cc Root CA
-----BEGIN CERTIFICATE-----
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
-----END CERTIFICATE-----

cert2.p7b.cer contains
subject=/C=CA/O=aa./OU=Certification Services/CN=cc Issuing CA2
issuer=/C=CA/O=aa./OU=Certification Services/CN=cc Root CA
-----BEGIN CERTIFICATE-----
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-----END CERTIFICATE-----
subject=/C=CA/O=aa./OU=Certification Services/CN=cc Root CA
issuer=/C=CA/O=aa./OU=Certification Services/CN=cc Root CA
-----BEGIN CERTIFICATE-----
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
-----END CERTIFICATE-----

The second certificate of both files are identical.

Please correct me if I am wrong. I think the second certificate which is identical in both cert1.cer and cert2.cer is the root cert where as the first certificate in the 2 files are intermediate certs. In order for my QM to do SSL handshake with the 2 external Qmgrs, I need to extract the 2 certificated from the p7b files and receive (or add) the root cert and the 2 intermediate certs to the key store of my QM.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Nov 14, 2014 2:52 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
Wrong and right. The reasoning is right, but you need to add those certs to the truststore, not the keystore. Note that with the CMS type of store both keystore and truststore reside in the same key db.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » Adding intermediate certificate for 2 MQ client servers
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.