Security Certificates |
inMo |
Posted: Tue Aug 01, 2017 1:26 pm Post subject: Security Certificates |
|
|
Master
Joined: 27 Jun 2009 Posts: 216 Location: NY
|
Any insight/direction would be appreciated: If IIB is acting as an endpoint for different https calls using different URLs, and holds security certificates for each domain, how does IIB know which security certificate to present to the caller?
inMo |
Posted: Wed Aug 02, 2017 5:30 am Post subject: |
|
|
Master
Joined: 27 Jun 2009 Posts: 216 Location: NY
JosephGramig |
Posted: Wed Aug 02, 2017 6:05 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006 Posts: 1237 Location: Gold Coast of Florida, USA
|
By your question, it would seem you have not set up your Key Store. How many X.509 certs have you put in the Key Store JKS? Do you know the default behavior of a JKS Key Store that contains more than one X.509 certificate pair?
inMo |
Posted: Wed Aug 02, 2017 6:32 am Post subject: |
|
|
Master
Joined: 27 Jun 2009 Posts: 216 Location: NY
|
How I appreciate the response, thank you!
The Key Store is stated to be set up. I see a statement in IIB docs:
Quote:
The keystore file contains the personal certificate for the broker or for the integration server. You can have only one personal certificate in the keystore.
I guess this suggests the problem is that a single node single eg cannot act as if it is abc.com & xyz.com. Am I close?
Quote:
Do you know the default behavior of a JKS Key Store that contains more than one X.509 certificate pair?
I fully admit I don't.
Again, thank you for taking time to assist & educate.
JosephGramig |
Posted: Wed Aug 02, 2017 10:18 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006 Posts: 1237 Location: Gold Coast of Florida, USA
|
Very good. In reading the documents, you have answered your questions.
I suggest you create and maintain your Key and Trust Stores with the GS Kit that comes with MQ (since you most likely have that installed).
The name of the command is runmqckm and if you run it, it will echo what you can do. As you add more to the command, it will echo more specifically what you can do.
I have made several posts on this subject on these forums (as many others have also done).
Best of luck.
By the way, you can have more than one personal certificate in the key store, but Java will return the first one (so the doc is not strictly correct).
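
A way to check a key store for the situation described in the last post, as an added example that is not part of the thread or of IBM's tooling: it lists every personal (private-key) entry in a JKS with its subject, DNS names and expiry date, and exits non-zero when more than one is present. The class name `KeyStoreAudit` and the `KEYSTORE_PASSWORD` environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;

public class KeyStoreAudit {
    // Aliases of entries that hold a private key (the "personal" certificates).
    static List<String> personalAliases(KeyStore ks) throws Exception {
        List<String> out = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) if (ks.isKeyEntry(a)) out.add(a);
        return out;
    }

    // DNS names from the Subject Alternative Name extension (GeneralName type 2).
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return out;
        for (List<?> san : sans) {
            if (Integer.valueOf(2).equals(san.get(0))) out.add(String.valueOf(san.get(1)));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: key store path in args[0], password in KEYSTORE_PASSWORD.
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 1 || pw == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... java KeyStoreAudit <keystore.jks>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw.toCharArray());
        }
        List<String> personal = personalAliases(ks);
        for (String alias : personal) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) ks.getCertificate(alias);
                System.out.printf("%s | %s | dns=%s | expires %s%n", alias,
                        x.getSubjectX500Principal().getName(), dnsNames(x), x.getNotAfter());
            }
        }
        if (personal.size() > 1) {
            System.err.println("More than one personal certificate in this key store.");
            System.exit(1);
        }
    }
}
```

Comparing the `dns=` column against the host names callers use shows whether the single certificate that gets presented actually covers them.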