| Author |
Message
|
| kimmyj |
 Posted: Wed Jun 16, 2004 9:12 am Post subject: Configuring SSL channels between AIX and Windows 2000 |
 |
|
Novice
Joined: 26 Jun 2003
Posts: 19
Location: UK
|
Hi All
Wonder if you can help as slowly pulling my hair out.
Trying to get SSL to work between these 2 OS's.
I have 2 QMs on NT and 1 on AIX.
On the AIX box:
Using gsk6ikm (what a joy that was)
I created the keystore (.cms file) after installing the relevant interim update.
Under Personal Certs
I then created the private keys on the AIX box using self signed certs for all 3 QMs.
Then I extracted the public certs for all 3 private keys saved to filesystem
Then I deleted the 2 private keys for the QMs on NT, leaving the private key for the AIX box in the store
Under Signer Certs
I then Added the 2 public keys for the QM's on NT
----Right over to the NT box
Assigned the relevant private keys to the QM's and also added the publid key for the AIX QM into each keystore.
Channels configured - tested they work OK without SSL
Enable SSL - using the same SSLCIPH each side but not checking an CN, O etc. info yet. Start channels and get an error in the Event Log:
Websphere MQ TCP/IP Recieve Failed.
Please help - I have tried re-creating all the keys again reimporting them and I don't know what else to do.
Cheers
KimmyJ |
|
| Back to top |
|
 |
| kimmyj |
| Posted: Thu Jun 17, 2004 11:26 am Post subject: Additional Info |
|
|
Novice
Joined: 26 Jun 2003
Posts: 19
Location: UK
|
Hiya
If I set up the sender channel on AIX and the receiver channel on NT to use SSL then this works fine.
So its leading me to think theres something wrong with the way I have addedd the pubic keys to the key database.
I can't see anything wrong though and have repeated the process any number of times.
Obviously the key DB on AIX must be ok to a certain extent because it can send its own private key to allow the sender/rcvr channel to be established.
Any help appreciated
Kimmmmmmm |
|
| Back to top |
|
|
| JasonE |
| Posted: Tue Jun 22, 2004 3:04 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
Whats in the qmgr amqerr01 error logs when the failure occurs (both sides)
Any FDCs (either side)? |
|
| Back to top |
|
|
| kimmyj |
| Posted: Thu Jun 24, 2004 1:34 am Post subject: |
|
|
Novice
Joined: 26 Jun 2003
Posts: 19
Location: UK
|
Probelm with certificate - couldn't seem to find the cert on AIX side.
Then after going through the manual again - feel an idiot now - it was a problem with the certificate label.
It does specifically say to prefix with ibmwebspheremq followed by the name of the QM in lower case so I changed and it works fine now.
Got there in the end -  |
|
| Back to top |
|
|
|
|
