Tuesday 25 August 2020

MQ SSL SETUP FULL

 One way SSL (a single TLS-secured channel, SSL1 -> SSL2):

-------------------------


crtmqm SSL1

strmqm SSL1

runmqsc SSL1


define qremote(RQ) rname(LQ2) rqmname(SSL2) xmitq (TQ)

def ql(TQ) usage(XMITQ)

define chl(SSL1.SSL2) chltype(SDR) conname('10.80.49.181(1414)') xmitq(TQ)


start chl(SSL1.SSL2)

dis chs(SSL1.SSL2)

stop chl(SSL1.SSL2)


runmqckm -keydb -create -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -type cms -pw rbl@123 -stash

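The label should be the same as the certificate label in the queue manager properties (check with dis qmgr: CERTLABL, or by default ibmwebspheremq followed by the queue manager name in lower case).

Note on -pw: the same password, rbl@123, is used for every key database in these notes. A value passed with -pw on the command line ends up in shell history and is visible in the process list, and -stash writes it (obfuscated, not strongly encrypted) to a .sth file next to key.kdb. Use a strong password per key database and keep the ssl directory readable only by the mqm user.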

dis qmgr

runmqckm -cert -create -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl1 -dn "CN=test1,O=RBL,C=IN" -size 2048

runmqckm -cert -extract -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl1 -target /var/mqm/qmgrs/SSL1/ssl/ssl1.arm

runmqsc SSL1

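alter chl(SSL1.SSL2) chltype(SDR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

Note: IBM lists TLS_RSA_WITH_AES_128_CBC_SHA as a TLS 1.0 CipherSpec (RSA key exchange, CBC mode, SHA-1), and newer MQ levels treat it as deprecated. Both ends of a channel must name the same CipherSpec, so when moving to a TLS 1.2 or later CipherSpec, change the sender and the receiver together.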

REFRESH SECURITY TYPE(SSL)



crtmqm SSL2

strmqm SSL2

runmqsc SSL2

define ql(LQ2)

define channel(SSL1.SSL2) chltype(RCVR)

define listener(LSTR) trptype(TCP) port(2018) control(QMGR)

start listener(LSTR)

display lsstatus(LSTR)

runmqckm -keydb -create -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -type cms -pw rbl@123 -stash

runmqckm -cert -create -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl2 -dn "CN=test2,O=RBL,C=IN" -size 2048

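runmqckm -cert -extract -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl2 -target /var/mqm/qmgrs/SSL2/ssl/key.kdb

(The -target above should be the certificate file /var/mqm/qmgrs/SSL2/ssl/ssl2.arm, which is the file added to the SSL1 key database later; as written it points at the key database itself.)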

runmqsc SSL2

alter chl(SSL1.SSL2) chltype(RCVR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)

dis chs(SSL1.SSL2) SSLPEER SSLCERTI



runmqckm -cert -add -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -pw rbl@123 -label ssl2_signer_Cert -file /var/mqm/qmgrs/SSL2/ssl/ssl2.arm

runmqckm -cert -add -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -pw rbl@123 -label ssl1_signer_Cert -file /var/mqm/qmgrs/SSL1/ssl/ssl1.arm


TWO way SSL (adds the reverse channel, SSL2 -> SSL1, with sslcauth(REQUIRED) on its receiver):

--------------------


runmqsc SSL2

define qremote(RQ1) rname(LQ1) rqmname(SSL1) xmitq (TQ1)

def ql(TQ1) usage(XMITQ)


define chl(SSL2.SSL1) chltype(SDR) conname('10.80.49.181(1415)') xmitq(TQ1)

start chl(SSL2.SSL1)

dis chl(SSL2.SSL1)

stop chl(SSL2.SSL1)


alter chl(SSL2.SSL1) chltype(SDR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)

start chl(SSL2.SSL1)

dis chl(SSL2.SSL1)


runmqsc SSL1

define ql(LQ1)

define channel(SSL2.SSL1) chltype(RCVR) sslcauth(REQUIRED)

define listener(LSTR1) trptype(TCP) port(1415) control(QMGR)

start listener(LSTR1)

runmqsc SSL1

alter chl(SSL2.SSL1) chltype(RCVR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)


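MQ SETUP SAMPLE

Note: in this sample ALTER QMGR CHLAUTH(DISABLED) turns off channel authentication records, and CHCKCLNT(OPTIONAL) / CHCKCLNT(NONE) means client applications are not required to supply a user ID and password. The SVRCONN channels are also defined without SSLCIPH or MCAUSER. That is only suitable for an isolated test queue manager. On a shared network, keep CHLAUTH enabled with rules for these channels, set CHCKCLNT(REQUIRED) or CHCKCLNT(REQDADM), and set SSLCIPH on the SVRCONN channel.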


crtmqm CCAPPQMGRP3



dis lsstatus(*)


DEF LISTENER(CCAPPQMGRP3.TCP) TRPTYPE(TCP) PORT(1521) CONTROL(QMGR)



START LISTENER(CCAPPQMGRP3.TCP)


display LISTENER(CCAPPQMGRP3.TCP)



DISPLAY LSSTATUS(CCAPPQMGRP3.TCP)


DEF chl(CCAPPQMGRP3.CHL) chltype(SVRCONN) TRPTYPE(TCP) 



ALTER QMGR CHLAUTH(DISABLED)



alter authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) authtype(IDPWOS) chckclnt(OPTIONAL)


refresh security



DEF QL(MQCC01) USAGE(XMITQ)


DEF CHL(CCAPPQMGRP3.RBLCC01) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME('10.60.2.194(1414)') XMITQ(MQCC01) DISCINT(0)


start chl(CCAPPQMGRP3.RBLCC01)


dis chs(CCAPPQMGRP3.RBLCC01)






DEF CHL(RBLCC01.CCAPPQMGRP3) CHLTYPE(RCVR) TRPTYPE(TCP)



====DEF QR(RBLVPMG.REQUEST) RNAME(RBLVPMG.REQUEST) RQMNAME(MFI1) XMITQ(MQCC01)


DEF QR(RBLVPMG.REQUEST3) RNAME(RBLVPMG.REQUESTS) RQMNAME(MFI1) XMITQ(MQCC01)


DEF QL(MQVPMG.RESPONSE3)


++++

====




10.80.64.208


crtmqm CCAPPQMGRP4



DEF LISTENER(CCAPPQMGRP4.TCP) TRPTYPE(TCP) PORT(1521) CONTROL(QMGR)



START LISTENER(CCAPPQMGRP4.TCP)


display LISTENER(CCAPPQMGRP4.TCP)



DISPLAY LSSTATUS(CCAPPQMGRP4.TCP)




DEF chl(CCAPPQMGRP4.CHL) chltype(SVRCONN) TRPTYPE(TCP) 




ALTER QMGR CHLAUTH(DISABLED)



alter authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) authtype(IDPWOS) chckclnt(NONE)



DEF QL(MQCC01) USAGE(XMITQ)





DEF CHL(CCAPPQMGRP4.RBLCC01) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME('10.60.2.194(1414)') XMITQ(MQCC01) DISCINT(0)




DEF CHL(RBLCC01.CCAPPQMGRP4) CHLTYPE(RCVR) TRPTYPE(TCP)




DEF QR(RBLVPMG.REQUEST4) RNAME(RBLVPMG.REQUESTS) RQMNAME(MFI1) XMITQ(MQCC01)



DEF QL(MQVPMG.RESPONSE4)



dis chs(CCAPPQMGRP4.RBLCC01)



start chl(CCAPPQMGRP4.RBLCC01)



====


10.




DEF CHL(CCAPPQMGRP3.RBLCC01) CHLTYPE(RCVR) TRPTYPE(TCP)



DEF CHL(CCAPPQMGRP4.RBLCC01) CHLTYPE(RCVR) TRPTYPE(TCP)





DEF CHL(RBLCC01.CCAPPQMGRP3) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME('10.80.64.207(1521)') XMITQ(CCAPPQMGRP3) DISCINT(0)


start chl(RBLCC01.CCAPPQMGRP3) ***


dis chs(RBLCC01.CCAPPQMGRU3)



DEF CHL(RBLCC01.CCAPPQMGRP4) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME('10.80.64.208(1521)') XMITQ(CCAPPQMGRP4) DISCINT(0)



start chl(MQCC01.CCAPPQMGRP4)


dis chs(MQCC01.CCAPPQMGRP4)



def ql(CCAPPQMGRP3) usage(XMITQ) trigger trigtype(first) trigdata(RBLCC01.CCAPPQMGRU3) initq(SYSTEM.CHANNEL.INITQ)


def ql(CCAPPQMGRP4) usage(XMITQ) trigger trigtype(first) trigdata(RBLCC01.CCAPPQMGRP4) initq(SYSTEM.CHANNEL.INITQ)



def queueremote






DEF QR(CCAPPQMGRP3.RESPONSE) RNAME(RBLVPMG.RESPONSE3) RQMNAME(CCAPPQMGRP3) XMITQ(CCAPPQMGRP3)


DEF QR(CCAPPQMGRP4.RESPONSE) RNAME(RBLVPMG.RESPONSE4) RQMNAME(CCAPPQMGRP4) XMITQ(CCAPPQMGRP4)








DEF QA(ALQ.CCAPPQMGRP3.RESPONSE) TARGET (CCAPPQMGRP3.RESPONSE) 


DEF QA(ALQ.CCAPPQMGRP4.RESPONSE) TARGET (CCAPPQMGRP4.RESPONSE) 



triggering done with two channels.