Tuesday 25 August 2020

MQ SSL SETUP FULL

 One way SSL:

-------------------------


# Create and start the first queue manager.
crtmqm SSL1

strmqm SSL1

# Everything from here to "stop chl" is MQSC typed inside the runmqsc session:
# remote-queue definition RQ (resolves to LQ2 on SSL2), transmission queue TQ,
# and sender channel SSL1.SSL2. No SSLCIPH is set yet, so this start/stop runs
# the channel without TLS (presumably a connectivity check before TLS is added).
# NOTE(review): conname targets port 1414, but the SSL2 listener defined later
# on this page uses port(2018) - confirm which port is intended.
runmqsc SSL1


define qremote(RQ) rname(LQ2) rqmname(SSL2) xmitq (TQ)

def ql(TQ) usage(XMITQ)

define chl(SSL1.SSL2) chltype(SDR) conname('10.80.49.181(1414)') xmitq(TQ)


start chl(SSL1.SSL2)

dis chs(SSL1.SSL2)

stop chl(SSL1.SSL2)


# Create the CMS key repository for SSL1; -stash writes a stash file next to it
# so the queue manager can open the repository without a prompt.
# NOTE(review): the password is given with -pw, so it lands in shell history and
# is visible in the process list while the command runs. Treat the value shown
# here as a sample only: use a unique, strong password per key database, and
# keep key.kdb and its stash file readable only by the MQ service account (the
# stash file is obfuscated, not strongly encrypted).
runmqckm -keydb -create -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -type cms -pw rbl@123 -stash

The certificate label should be the same as the one defined in the queue manager properties:

# MQSC (run inside runmqsc SSL1): show the queue manager attributes so the
# certificate label used below can be checked against them.
dis qmgr

# Create a self-signed 2048-bit certificate for SSL1 in its key repository.
# NOTE(review): self-signed certificates have to be trusted one by one on every
# partner; a CA-issued certificate is the usual choice outside a lab.
runmqckm -cert -create -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl1 -dn "CN=test1,O=RBL,C=IN" -size 2048

# Export only the public certificate (no private key) to ssl1.arm so it can be
# added to the partner's key repository.
runmqckm -cert -extract -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl1 -target /var/mqm/qmgrs/SSL1/ssl/ssl1.arm

# MQSC on SSL1: set the CipherSpec on the sender channel, then make the queue
# manager reload its TLS key repository.
# NOTE(review): TLS_RSA_WITH_AES_128_CBC_SHA uses RSA key exchange, CBC mode and
# a SHA-1 MAC; recent MQ levels list it as deprecated. Prefer a TLS 1.2 AEAD
# CipherSpec (for example ECDHE_RSA_AES_128_GCM_SHA256) and set the same value
# on both ends of the channel, otherwise the channel will not start.
runmqsc SSL1

alter chl(SSL1.SSL2) chltype(SDR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)



# Create and start the second queue manager.
crtmqm SSL2

strmqm SSL2

# MQSC on SSL2: target local queue LQ2, the receiver end of channel SSL1.SSL2,
# and a TCP listener that starts and stops with the queue manager.
# NOTE(review): the listener is on port(2018), while the sender channel's
# conname on SSL1 uses (1414) - one of the two needs correcting.
# NOTE(review): SSLCAUTH is not set on this receiver, and MQ's default is
# REQUIRED, so the sender's certificate is demanded even in this "one way"
# section. If server-only authentication is really intended, set
# SSLCAUTH(OPTIONAL) explicitly; otherwise treat this as mutual TLS.
runmqsc SSL2

define ql(LQ2)

define channel(SSL1.SSL2) chltype(RCVR)

define listener(LSTR) trptype(TCP) port(2018) control(QMGR)

start listener(LSTR)

display lsstatus(LSTR)

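# Create the CMS key repository for SSL2; -stash writes a stash file so the
# queue manager can open the repository without a prompt.
# NOTE(review): -pw puts the password in shell history and the process list.
# Use a unique, strong password per key database rather than the sample value,
# and restrict key.kdb and the stash file to the MQ service account.
runmqckm -keydb -create -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -type cms -pw rbl@123 -stash

# Create a self-signed 2048-bit certificate for SSL2 in its key repository.
runmqckm -cert -create -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl2 -dn "CN=test2,O=RBL,C=IN" -size 2048

# Export only the public certificate to ssl2.arm. The original line used the
# key database itself (key.kdb) as -target, so the extract was aimed at the
# repository file and ssl2.arm, which the later "-cert -add ... -file
# /var/mqm/qmgrs/SSL2/ssl/ssl2.arm" step reads, was never produced.
runmqckm -cert -extract -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -pw rbl@123 -label ibmwebspheremqssl2 -target /var/mqm/qmgrs/SSL2/ssl/ssl2.arm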

# MQSC on SSL2: set the CipherSpec on the receiver end of SSL1.SSL2 (it must be
# the same value as on the sender), reload the key repository, then display the
# channel status with the peer certificate's subject (SSLPEER) and issuer
# (SSLCERTI) so the identity that actually connected can be checked.
# NOTE(review): TLS_RSA_WITH_AES_128_CBC_SHA is a legacy CBC/SHA-1 CipherSpec;
# prefer a TLS 1.2 AEAD CipherSpec and change both channel ends together.
runmqsc SSL2

alter chl(SSL1.SSL2) chltype(RCVR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)

dis chs(SSL1.SSL2) SSLPEER SSLCERTI



# Exchange trust: add SSL2's public certificate to SSL1's key repository and
# SSL1's public certificate to SSL2's key repository.
# NOTE(review): before adding a partner's .arm file, compare its fingerprint
# with the one shown on the system that generated it; whatever is added here
# becomes a trusted identity for every TLS channel on the queue manager.
# NOTE(review): the REFRESH SECURITY TYPE(SSL) commands earlier on this page
# run before these certificates are added; issue it again on both queue
# managers afterwards so the updated repositories are picked up.
runmqckm -cert -add -db /var/mqm/qmgrs/SSL1/ssl/key.kdb -pw rbl@123 -label ssl2_signer_Cert -file /var/mqm/qmgrs/SSL2/ssl/ssl2.arm

runmqckm -cert -add -db /var/mqm/qmgrs/SSL2/ssl/key.kdb -pw rbl@123 -label ssl1_signer_Cert -file /var/mqm/qmgrs/SSL1/ssl/ssl1.arm


TWO way SSL:

--------------------


# MQSC on SSL2, reverse direction: remote-queue definition RQ1 (resolves to LQ1
# on SSL1), transmission queue TQ1 and sender channel SSL2.SSL1 to port 1415.
# The channel is first started and stopped without SSLCIPH, then the CipherSpec
# is set, the key repository is reloaded and the channel is started again.
# NOTE(review): "dis chl" prints the channel definition; to confirm that the
# channel is running and negotiated TLS, "dis chs(SSL2.SSL1)" is presumably
# what was meant after each start.
# NOTE(review): TLS_RSA_WITH_AES_128_CBC_SHA is a legacy CBC/SHA-1 CipherSpec;
# prefer a TLS 1.2 AEAD CipherSpec and change both channel ends together.
runmqsc SSL2

define qremote(RQ1) rname(LQ1) rqmname(SSL1) xmitq (TQ1)

def ql(TQ1) usage(XMITQ)


define chl(SSL2.SSL1) chltype(SDR) conname('10.80.49.181(1415)') xmitq(TQ1)

start chl(SSL2.SSL1)

dis chl(SSL2.SSL1)

stop chl(SSL2.SSL1)


alter chl(SSL2.SSL1) chltype(SDR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)

start chl(SSL2.SSL1)

dis chl(SSL2.SSL1)


# MQSC on SSL1: target local queue LQ1, the receiver end of SSL2.SSL1 with
# client-certificate authentication required, and a listener on port 1415
# (matching the sender's conname).
# NOTE(review): SSLCAUTH(REQUIRED) only demands *a* certificate that the key
# repository trusts. Add an SSLPEER filter on the channel (or a CHLAUTH
# SSLPEERMAP rule) so only the expected partner DN is accepted.
runmqsc SSL1

define ql(LQ1)

define channel(SSL2.SSL1) chltype(RCVR) sslcauth(REQUIRED)

define listener(LSTR1) trptype(TCP) port(1415) control(QMGR)

start listener(LSTR1)

# Second runmqsc on the same queue manager (not needed if the session above is
# still open): set the receiver's CipherSpec to match the sender and reload the
# key repository.
# NOTE(review): TLS_RSA_WITH_AES_128_CBC_SHA is a legacy CBC/SHA-1 CipherSpec;
# prefer a TLS 1.2 AEAD CipherSpec and change both channel ends together.
runmqsc SSL1

alter chl(SSL2.SSL1) chltype(RCVR) sslciph(TLS_RSA_WITH_AES_128_CBC_SHA)

REFRESH SECURITY TYPE(SSL)

