How to connect to a queue manager with ssl enabled server connection channel when authentication is required

I am trying to write a Java application connecting to a server connection channel with SSL enabled.

So far, I have been successfully connected to the channel by setting authentication to optional. However, when I set it to be required, the connection fails.

Here is what I did:

  1. Create key db for queue manager and keystore for the java client user.
  2. Create key/self-signed certificates for the queue manager and the client user, with names prefixed ibmwebspheremq.
  3. Export, exchange and import certificates for the queue manager and the client. (I did answer yes when being asked whether I trust the queue manager cert).
  4. The location and password to the truststore and keystore are set to point to the same keystore at the client side, where the originally created client user key and the imported queue manager key are.

With other settings being the same, if I switch back to optional authentication, the connection works.

I think there is something I understand incorrectly about this SSL authentication but cannot figure out what.

Could someone kindly help me?

Best answer

I beat my head against that wall for a couple of weeks. IBM L2 Support eventually clued me in. My issue here was that keytool will use DSA algorithm unless you specify RSA. This results in keys of length 1022 instead of 1024, which WMQ doesn't like. The fix was to specify -sigalg RSA when generating the certificate and everything works.

I've asked the IBM WMQ team and WMQ FTE team to add this to their Infocenter documentation.
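
A check that follows from the answer above, as an added example rather than code from the original post: it lists every entry in a Java keystore with its key algorithm, key size and signature algorithm, and flags private-key entries whose key is not RSA. The class name `KeystoreAlgCheck` is hypothetical, and the keystore path and password are supplied as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Hypothetical helper (not from the original post): audits a client keystore
// before it is used for a channel that requires client authentication.
public class KeystoreAlgCheck {
    // Returns the key size in bits, or -1 if the key type is not RSA/DSA.
    static int keyBits(PublicKey pub) {
        if (pub instanceof RSAPublicKey) {
            return ((RSAPublicKey) pub).getModulus().bitLength();
        }
        if (pub instanceof DSAPublicKey && ((DSAPublicKey) pub).getParams() != null) {
            return ((DSAPublicKey) pub).getParams().getP().bitLength();
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreAlgCheck <keystore> <storepass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        boolean flagged = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            PublicKey pub = x509.getPublicKey();
            // Key entries hold the client's own identity; the rest are trusted certs.
            boolean own = ks.isKeyEntry(alias);
            boolean bad = own && !"RSA".equals(pub.getAlgorithm());
            flagged |= bad;
            System.out.printf("%-32s %-12s key=%s/%d sig=%s%s%n",
                    alias, own ? "private-key" : "trusted-cert", pub.getAlgorithm(),
                    keyBits(pub), x509.getSigAlgName(), bad ? "  <-- not RSA" : "");
        }
        System.exit(flagged ? 1 : 0); // non-zero exit when a non-RSA identity is found
    }
}
```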
