MQ01: Using LDAP and SSL with WebSphere MQ and MQIPT
Downloadable files
Abstract
Sample LDAP server configuration, SSL certificates and CRLs for use with WebSphere MQ and MQIPT certificate revocation checking.
Download Description
In large organisations, managing the certificates used for SSL authentication can be difficult, especially if the private key corresponding to a certificate becomes compromised. Many people therefore choose to use SSL Certificate Revocation Lists (CRLs) to revoke certificates which are compromised or no longer required.
This SupportPac consists of sample SSL certificates and LDAP CRL configurations. The purpose is to demonstrate how to configure WebSphere MQ to use LDAP CRL checking to manage SSL trust across an organisation.
POSSIBLE USES
Users of MQIPT will also find some useful information on use of LDAP CRLs in their route setup.
The sample SSL certificates and CRLs can be deployed in a customer’s test/QA environment to test this functionality and give administrators practical experience of managing certificates using LDAP and CRLs.
SKILL LEVEL REQUIRED
Users must be familiar with common WMQ administration tasks including channel and queue definition. Also users ideally will have some knowledge of SSL configuration.
DETAILS
Author: Andrew Akehurst, WebSphere MQ L3 Service, Hursley
Category: 2
Released: 28Nov06
Current Version: 1.0
»Please note that the version number shown in the right-hand pane is the version of the MQ or WBI product that this SupportPac applies to. The date is the last webpage refresh.
An installation of WebSphere MQ 5.3 or later. The sections on MQIPT assume the use of IPT 1.3 or later.
Installation Instructions
Unpack the archive file to a suitable directory.
On Windows:
1. Right-click the ZIP file and select “Extract all” from the pop-up menu.
2. The Extaction Wizard appears. Click the Next button.
3. Choose where to unzip the files and click Next.
4. Press Finish.
On Unix:
1. Create a directory to install the SupportPac files. For example:
mkdir /opt/wmqldap
2. Untar the archive using the following commands:
mv mq01.tar.gz /opt/wmqldap
cd /opt/wmqldap
gunzip -c mq01.tar.gz | tar xvf –
Category 2 SupportPacs are provided in good faith and AS-IS. There is no warranty or further service implied or committed and any supplied sample code is not supported via IBM product service channels.
You may submit a question using the 'rate this page' below but a response is not guaranteed.
Please read the license information contained within the zip file of this SupportPac to determine if you want to use it.
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
