Reputation: 21
I have developed a Java application that reads an MQ queue. Now I want to make the SSL connection, but I have no idea about trust stores and keystores. Could anyone please help me with this?
I am using WebSphere MQ on Solaris, which does not have any GUI to create keys etc., so I need to use commands. If anyone has an idea about this, please help me out.
Upvotes: 1
Views: 7440
Reputation: 772
Does the Solaris qmgr come with the KeyMan package installed?
You can install the Windows MQ client on your desktop. That comes with an IBM key management tool (if you are looking for a GUI) which can create the keystores for you. Make sure to select the option to dump the password to the stash file. Alternatively, you can use the gsk7cmd/gsk8capicmd/ikeyman command line tools. http://www-01.ibm.com/support/docview.wss?uid=swg21006430
You will need two keystores, one for the qmgr and another for the application.
The qmgr's keystore should have a personal certificate named ibmwebspheremq. The keystore files (kdb, sth, crl, rdb) should be copied to the dir /var/mqm/qmgrs//ssl. The qmgr properties SSLKEYR should be set as /var/mqm/qmgrs//ssl/ Qmgr should be restarted.
If you are going for personal certificates, the qmgr keystore needs to be signed with the application certificate and vice versa.
The application keystore should have a personal certificate named ibmwebspheremq. Normally for non-Java environments, the application_name should match the running user id.
You can set the SSL keystore in the application programmatically or use a client channel definition table. Make sure the SVRCONN channel and CLNTCONN channel SSL parameters are set (SSLCIPH, SSLCAUTH, SSLPEER, ).
I suggest reading the MQ clients manual (http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=%2Fcom.ibm.mq.csqzaf.doc%2Fcs10120_.htm) and MQ Java manual (http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.csqzaw.doc/uj10120_.htm) as this is a complex topic with a variety of options to be answered in one go.
Read T.Rob's answers to troubleshoot SSL connections. Generally look for his posts; they have a wealth of information and are well explained.
Connecting to a Websphere MQ in Java with SSL/Keystore
https://stackoverflow.com/search?q=user%3A214668+ssl
Upvotes: 2
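The following is an added example, not code from the answer above or from IBM: it shows the programmatic option for a Java client, with the keystore and truststore loaded separately and handed to the MQ classes for Java. The JKS store format, the single shared store password, the MQ_STORE_PASSWORD variable name and the seven command-line arguments are assumptions made for the illustration.

```java
import com.ibm.mq.MQEnvironment;
import com.ibm.mq.MQQueueManager;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MqSslConnect {
    // Load a JKS store from disk (JKS is the format assumed here for the Java client).
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // args (all assumed, supplied by the operator):
    // host port channel qmgrName cipherSuite keystore.jks truststore.jks
    public static void main(String[] args) throws Exception {
        if (args.length != 7) throw new IllegalArgumentException("expected 7 arguments");
        String pwEnv = System.getenv("MQ_STORE_PASSWORD"); // hypothetical variable name
        if (pwEnv == null) throw new IllegalStateException("MQ_STORE_PASSWORD is not set");
        char[] pw = pwEnv.toCharArray(); // assumption: both stores share one password

        // Keystore: the application's own private key and certificate,
        // presented to the qmgr when the channel has SSLCAUTH(REQUIRED).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(args[5], pw), pw);

        // Truststore: the certificates the application accepts from the qmgr
        // (the qmgr's own certificate or the CA that issued it).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(args[6], pw));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        MQEnvironment.hostname = args[0];
        MQEnvironment.port = Integer.parseInt(args[1]);
        MQEnvironment.channel = args[2];
        MQEnvironment.sslSocketFactory = ctx.getSocketFactory();
        MQEnvironment.sslCipherSuite = args[4]; // must correspond to the channel's SSLCIPH

        MQQueueManager qmgr = new MQQueueManager(args[3]);
        System.out.println("Connected over SSL to " + args[3]);
        qmgr.disconnect();
    }
}
```

A handshake failure at `new MQQueueManager` usually points at one of the two stores: the truststore lacks the qmgr's certificate or issuer, or the keystore holds no certificate the qmgr trusts.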