ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexIBM MQ Installation/Configuration SupportSSL configuration between JMS client and Queue Manager

Post new topicReply to topic
SSL configuration between JMS client and Queue Manager View previous topic :: View next topic
Author Message
pandeg
PostPosted: Mon May 09, 2016 11:13 am Post subject: SSL configuration between JMS client and Queue Manager Reply with quote

Disciple

Joined: 21 Oct 2014
Posts: 195

Hi, we have a java application which uses MQ client jar to connect to Queue Manager (version 8.0) using server connection channel. We want to configure SSL between this java application and Queue Manager. Can you please suggest me any link or sample which i can use to configure SSL.
Back to top
View user's profile Send private message
hughson
PostPosted: Mon May 09, 2016 3:08 pm Post subject: Reply with quote

Shaman

Joined: 09 May 2013
Posts: 728
Location: Bay of Plenty, New Zealand

You didn't say JMS, so I assume you mean the MQ classes for Java.

Therefore, read Secure Sockets Layer (SSL) support in IBM MQ classes for Java

This was quite easy to search for in Knowledge Center. Make sure you learn how to use search as it will help you to answer these questions for yourself.

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
pandeg
PostPosted: Tue May 10, 2016 10:25 am Post subject: Reply with quote

Disciple

Joined: 21 Oct 2014
Posts: 195

Thanks for the information.

I went the to knowledge center (https://www.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.dev.doc/q031220_.htm?lang=en) and it mentioned that SSLFIPS is required if the application is using more than one client connection. In my case each application establishes around 4-5 instances of Server connection channel to Queue Manager. Do i need to use this attribute.

Also, below statement is mentioned :
"To connect successfully using SSL, the JSSE truststore must be set up with certificate authority root certificates from which the certificate presented by the queue manager can be authenticated. Similarly, if SSLClientAuth on the SVRCONN channel has been set to MQSSL_CLIENT_AUTH_REQUIRED, the JSSE keystore must contain an identifying certificate that is trusted by the queue manager."

I found this link published in Oct , 2013 (https://qadeer786.wordpress.com/2013/10/08/using-ssl-support-for-java-clients-websphere-mq/)which shows how to create keystore for Queue Manager and Java application. Can you please take a look and let me know if this contains the correct information as per current version of MQ (V. Also ,wanted to know if Key Management Tool is free or Licensed.
Back to top
View user's profile Send private message
bruce2359
PostPosted: Tue May 10, 2016 2:35 pm Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 7844
Location: US: west coast, almost. Otherwise, enroute.

Moved to Configuration forum.
_________________
I didn't know that Schrdinger had a cat.
Back to top
View user's profile Send private message
hughson
PostPosted: Tue May 10, 2016 3:30 pm Post subject: Reply with quote

Shaman

Joined: 09 May 2013
Posts: 728
Location: Bay of Plenty, New Zealand

pandeg wrote:
I went the to knowledge center (https://www.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.dev.doc/q031220_.htm?lang=en) and it mentioned that SSLFIPS is required if the application is using more than one client connection.

I don't see anywhere in that page that says that. It does say this:-
IBM Knowledge Center wrote:
If you require a client connection to use a CipherSuite that is supported by the IBM Java JSSE FIPS provider (IBMJSSEFIPS), an application can set the sslFipsRequired field in the MQEnvironment class to true. Alternatively, the application can set the environment property CMQC.SSL_FIPS_REQUIRED_PROPERTY. The default value is false, which means that a client connection can use any CipherSuite that is supported by WebSphere MQ.
If an application uses more than one client connection, the value of the sslFipsRequired field that is used when the application creates the first client connection determines the value that is used when the application creates any subsequent client connection. Therefore when the application creates a subsequent client connection, the value of the sslFipsRequired field is ignored. You must restart the application if you want to use a different value for the sslFipsRequired field.


Perhaps have another read and see if it makes more sense the second time? You use SSLFIPS if you need to only use FIPS ciphers.

pandeg wrote:
I found this link published in Oct , 2013 (https://qadeer786.wordpress.com/2013/10/08/using-ssl-support-for-java-clients-websphere-mq/)which shows how to create keystore for Queue Manager and Java application. Can you please take a look and let me know if this contains the correct information as per current version of MQ (V.

I think the most appropriate course of action here would be to ask the author of that blog whether his infomation is correct for MQ V8. However, that said, I am not aware of there being any changes to the way certificates are created in general.

pandeg wrote:
Also ,wanted to know if Key Management Tool is free or Licensed.

Licensed and Free are not opposites. The MQ Client is freely available and licensed for use through your queue manager. I expect the Key Management Tool is the same - you are licensed to use it due to your purchase of a queue manager. What was the reason you were asking? Perhaps there is a different question that you really wanted to ask?

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
hughson
PostPosted: Tue May 10, 2016 3:34 pm Post subject: Reply with quote

Shaman

Joined: 09 May 2013
Posts: 728
Location: Bay of Plenty, New Zealand

P.S. I notice just now that your title does say JMS, even though your text doesn't. Please confirm whether you are asking about JMS or Java classes?
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
MQMB&WAS
PostPosted: Tue Oct 03, 2017 10:37 am Post subject: Reply with quote

Apprentice

Joined: 12 Jun 2016
Posts: 46

hughson wrote:
P.S. I notice just now that your title does say JMS, even though your text doesn't. Please confirm whether you are asking about JMS or Java classes?


I'm looking for this same documentation. Could someone please direct me to any documentation for configuring SSL between JMS client and IBM MQ. Could find anything myself. Appreciate any help.
Back to top
View user's profile Send private message
zpat
PostPosted: Tue Oct 03, 2017 11:02 pm Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5558
Location: UK

Google "JMS SSL MQ"

Plenty of material such as

https://www.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html

Although this one is a bit old.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexIBM MQ Installation/Configuration SupportSSL configuration between JMS client and Queue Manager
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.