MQ01: Using LDAP and SSL with WebSphere MQ and MQIPT
Sample LDAP server configuration, SSL certificates and CRLs for use with WebSphere MQ and MQIPT certificate revocation checking.
In large organisations, managing the certificates used for SSL authentication can be difficult, especially if the private key corresponding to a certificate becomes compromised. Many people therefore choose to use SSL Certificate Revocation Lists (CRLs) to revoke certificates which are compromised or no longer required.
This SupportPac consists of sample SSL certificates and LDAP CRL configurations. The purpose is to demonstrate how to configure WebSphere MQ to use LDAP CRL checking to manage SSL trust across an organisation.
Users of MQIPT will also find some useful information on use of LDAP CRLs in their route setup.
The sample SSL certificates and CRLs can be deployed in a customer’s test/QA environment to test this functionality and give administrators practical experience of managing certificates using LDAP and CRLs.
SKILL LEVEL REQUIRED
Users must be familiar with common WMQ administration tasks including channel and queue definition. Also users ideally will have some knowledge of SSL configuration.
Author: Andrew Akehurst, WebSphere MQ L3 Service, Hursley
Current Version: 1.0
»Please note that the version number shown in the right-hand pane is the version of the MQ or WBI product that this SupportPac applies to. The date is the last webpage refresh.
To view the complete portfolio of WebSphere MQ SupportPacs please visit the WebSphere MQ SupportPacs homepage:
An installation of WebSphere MQ 5.3 or later. The sections on MQIPT assume the use of IPT 1.3 or later.
Unpack the archive file to a suitable directory.
1. Right-click the ZIP file and select “Extract all” from the pop-up menu.
2. The Extaction Wizard appears. Click the Next button.
3. Choose where to unzip the files and click Next.
4. Press Finish.
1. Create a directory to install the SupportPac files. For example:
2. Untar the archive using the following commands:
mv mq01.tar.gz /opt/wmqldap
gunzip -c mq01.tar.gz | tar xvf –
|Download||RELEASE DATE||LANGUAGE||SIZE(Bytes)||Download Options|
Category 2 SupportPacs are provided in good faith and AS-IS. There is no warranty or further service implied or committed and any supplied sample code is not supported via IBM product service channels.
You may submit a question using the 'rate this page' below but a response is not guaranteed.
Please read the license information contained within the zip file of this SupportPac to determine if you want to use it.