Skip to main content

SSL / Determining whether SSL connections have been set up

SSL / Determining whether SSL connections have been set up
==========================================================


This section deals with determining whether SSL connections have been set up for WebSphere® MQ.

For channel definitions see the section "Checking whether channel definitions have been SSL-enabled".
For channels set up using client application MQCONNX calls, see the section "Checking whether client-connection channels set up using MQCONNX calls have been SSL-enabled".
Checking whether channel definitions have been SSL-enabled
For each queue manager on the computer you are working with, you must check whether any channels have been defined to use SSL. Display the SSLCIPH (CipherSpec) value for each channel defined on the queue manager. To do this you must have the queue manager running and have started the RUNMQSC environment. Enter DIS CHL(*) CHLTYPE SSLCIPH to display the channel details. The output should be similar to the following:

AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SENDER) CHLTYPE(SDR) SSLCIPH( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SERVER) CHLTYPE(SVR) SSLCIPH( )
AMQ8414: Display Channel details.
CHANNEL(TO.QM4) CHLTYPE(CLUSRCVR) SSLCIPH(RC4_MD5_EXPORT)
AMQ8414: Display Channel details.
CHANNEL(TO.QM5) CHLTYPE(CLUSSDR) SSLCIPH(RC4_MD5_EXPORT)
AMQ8414: Display Channel details.
CHANNEL(TO.QM6) CHLTYPE(SVR) SSLCIPH( )
AMQ8414: Display Channel details.
CHANNEL(TO.QM7) CHLTYPE(CLNTCONN) SSLCIPH(NULL_SHA)
AMQ8414: Display Channel details.
CHANNEL(TO.QM7) CHLTYPE(SVRCONN) SSLCIPH(NULL_SHA)

Channel definitions that have a value in the brackets after SSLCIPH are SSL channels. If there are any SSL channels the section "SSL migration steps" will apply. In the above example, the 'TO.QM4', 'TO.QM5', and both 'TO.QM7' channel definitions have a value for SSLCIPH.

Any client channel definition tables copied from another computer or accessed as a shared file on another computer will also need to be checked for SSLCIPH values. To check these values, either:

use DIS CHL(*) CHLTYPE SSLCIPH on the queue manager they were defined on
if your client is running on a system that has a local queue manager, change the MQCHLLIB and MQCHLTAB environment variables which relate to RUNMQSC to specify the directory path and filename of the relevant client channel definition table, then use the DIS CHL(*) CHLTYPE SSLCIPH command on the local queue manager. (Note: You should return the MQCHLLIB and MQCHLTAB settings to their previous values after completing this check.)

Any client-connection channel definitions that have been imported into Active Directory will also need to be checked for non-null SSLCIPH values. Display these definitions using the command setmqscp -d.



Checking whether client-connection channels set up using MQCONNX calls are SSL-enabled

For each client application that uses an MQCONNX call, search the MQCD channel definition structure for the optional SSLCipherSpec field, which provides equivalent values to SSLCIPH.

If the value of the SSLCipherSpec field is not null, the MQI channel used by the client application is an SSL channel and the section "SSL migration steps" will apply.
Labels:

Comments

Post a Comment

adsrerrapop

Popular posts from this blog

IBM Websphere MQ interview Questions Part 5

MQ Series: - It is an IBM web sphere product which is evolved in 1990’s. MQ series does transportation from one point to other. It is an EAI tool (Middle ware) VERSIONS:-5.0, 5.1, 5.3, 6.0, 7.0(new version). The currently using version is 6.2 Note: – MQ series supports more than 35+ operating systems. It is platform Independent. For every OS we have different MQ series software’s. But the functionality of MQ series Default path for installing MQ series is:- C: programfiles\BM\clipse\SDK30 C: programfiles\IBM\WebsphereMQ After installation it will create a group and user. Some middleware technologies are Tibco, SAP XI. MQ series deals with two things, they are OBJECTS, SERVICES. In OBJECTS we have • QUEUES • CHANNELS • PROCESS • AUTHENTICATION • QUERY MANAGER. In SERVICES we have LISTENERS. Objects: – objects are used to handle the transactions with the help of services. QUEUE MANAGER maintains all the objects and services. QUEUE: – it is a database structure ...
139 comments
Read more

IBM Websphere MQ Reason code list / mq reason codes / websphere mq error codes / mq error messages

Reason code list ================= The following is a list of reason codes, in numeric order, providing detailed information to help you understand them, including: * An explanation of the circumstances that have caused the code to be raised * The associated completion code * Suggested programmer actions in response to the code * 0 (0000) (RC0): MQRC_NONE * 900 (0384) (RC900): MQRC_APPL_FIRST * 999 (03E7) (RC999): MQRC_APPL_LAST * 2001 (07D1) (RC2001): MQRC_ALIAS_BASE_Q_TYPE_ERROR * 2002 (07D2) (RC2002): MQRC_ALREADY_CONNECTED * 2003 (07D3) (RC2003): MQRC_BACKED_OUT * 2004 (07D4) (RC2004): MQRC_BUFFER_ERROR * 2005 (07D5) (RC2005): MQRC_BUFFER_LENGTH_ERROR * 2006 (07D6) (RC2006): MQRC_CHAR_ATTR_LENGTH_ERROR * 2007 (07D7) (RC2007): MQRC_CHAR_ATTRS_ERROR * 2008 (07D8) (RC2008): MQRC_CHAR_ATTRS_TOO_SHORT * 2009 (07D9) (RC2009): MQRC_CONNECTION_BROKEN * 2010 (07DA) (RC2010): MQRC_DATA_LENGTH_ERROR * 2011 (07DB) (RC2011): MQRC_DYNAMIC_Q_NAME_ERROR * 2012 (07DC) (RC201...
3 comments
Read more

Message Broker (WMB) installation and setup on Linux

Message Broker (WMB) installation and setup on Linux Installing the Binaries As a first step download the trail version of the message broker binaries from IBM site and install them. this part is very simple and process is depends on your operating system. Like for windows, you have .exe file and Linux has rpm and unix you get pkg or other. After installation Set up a broker database [Windows] __ 1. Create the broker database, BRKDB. Open a WebSphere Message Broker Command Console: mqsicreatedb BRKDB This command also establishes the required ODBC connection. _ 2. Verify your user account for the broker database. [Linux] If you are creating Oracle databases for 32-bit brokers on Linux® and UNIX® systems, run the mqsi_setupdatabase command before you create a database. mqsi_setupdatabase– Database–Database_Home_Directory Eg:mqsi_setupdatabase oracle /oracle/product/9i/Db_1 Add $ORACLE_HOME/lib to the end of the MQSI_LIBPATH library search path environment variabl...
Post a Comment
Read more