
After successfully completing the two-way communication, follow the steps below.

Create QM1 key repository:

runmqckm -keydb -create -db "/var/mqm/qmgrs/QM1/ssl/qm1.kdb" -pw sarasu10 -type cms -expire 30 -stash

Create QM2 key repository:

runmqckm -keydb -create -db "/var/mqm/qmgrs/QM2/ssl/qm2.kdb" -pw sarasu10 -type cms -expire 30 -stash

Create CA repository:

runmqckm -keydb -create -db "/var/mqm/ssl/wmqca.kdb" -pw sarasu10 -type cms -expire 30 -stash

Create CA certificate:

runmqckm -cert -create -db "/var/mqm/ssl/wmqca.kdb" -pw sarasu10 -label wmqca -dn "CN=WMQ CA,OU=WMQ,O=Abhijeet,L=Chelmsford,ST=Essex,C=UK" -expire 30

Extract the public CA certificate:

runmqckm -cert -extract -db "/var/mqm/ssl/wmqca.kdb" -pw sarasu10 -label wmqca -target wmqca.crt -format ascii

Add the public CA certificate to QM1's key repository:

runmqckm -cert -add -db "/var/mqm/qmgrs/QM1/ssl/qm1.kdb" -pw sarasu10 -label wmqca -file wmqca.crt -format ascii

Add the public CA certificate to QM2's key repository:

runmqckm -cert -add -db "/var/mqm/qmgrs/QM2/ssl/qm2.kdb" -pw sarasu10 -label wmqca -file wmqca.crt -format ascii

Create QM1's certificate request:

runmqckm -certreq -create -db "/var/mqm/qmgrs/QM1/ssl/qm1.kdb" -pw sarasu10 -label ibmwebspheremqqm1 -dn "CN=QM1,OU=WMQ,O=Abhijeet,L=Chelmsford,ST=Essex,C=UK" -file qm1req.arm

Create QM2's certificate request:

runmqckm -certreq -create -db "/var/mqm/qmgrs/QM2/ssl/qm2.kdb" -pw sarasu10 -label ibmwebspheremqqm2 -dn "CN=QM2,OU=WMQ,O=Abhijeet,L=Chelmsford,ST=Essex,C=UK" -file qm2req.arm

Sign QM1's certificate:

runmqckm -cert -sign -file qm1req.arm -db "/var/mqm/ssl/wmqca.kdb" -pw sarasu10 -label wmqca -target qm1cert.arm -format ascii -expire 29

Sign QM2's certificate:

runmqckm -cert -sign -file qm2req.arm -db "/var/mqm/ssl/wmqca.kdb" -pw sarasu10 -label wmqca -target qm2cert.arm -format ascii -expire 29

Add QM1's certificate to QM1's key repository:

runmqckm -cert -receive -db "/var/mqm/qmgrs/QM1/ssl/qm1.kdb" -pw sarasu10 -file qm1cert.arm -format ascii

Add QM2's certificate to QM2's key repository:

runmqckm -cert -receive -db "/var/mqm/qmgrs/QM2/ssl/qm2.kdb" -pw sarasu10 -file qm2cert.arm -format ascii

Extract the public key for QMGR1 for use with other queue managers:

runmqckm -cert -extract -db "/var/mqm/qmgrs/QM1/ssl/qm1.kdb" -pw sarasu10 -label ibmwebspheremqqm1 -target qm1cert.arm

Extract the public key for QMGR2 for use with other queue managers:

runmqckm -cert -extract -db "/var/mqm/qmgrs/QM2/ssl/qm2.kdb" -pw sarasu10 -label ibmwebspheremqqm2 -target qm2cert.arm

Add the public key for QMGR2 to the QMGR1 key repository:

runmqckm -cert -add -db /var/mqm/qmgrs/QM1/ssl/qm1.kdb -pw sarasu10 -label ibmwebspheremqqm2 -file qm2cert.arm

Add the public key for QMGR1 to the QMGR2 key repository:

runmqckm -cert -add -db /var/mqm/qmgrs/QM2/ssl/qm2.kdb -pw sarasu10 -label ibmwebspheremqqm1 -file qm1cert.arm

Set QM1's queue manager key repository:

ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/qm1')

Set QM2's queue manager key repository:

ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM2/ssl/qm2')

Set the cipher spec on the sender and receiver channels:

ALTER CHANNEL(QM1.TO.QM2) CHLTYPE(SDR) TRPTYPE(TCP) SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA)
ALTER CHANNEL(QM1.TO.QM2) CHLTYPE(RCVR) TRPTYPE(TCP) SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA)

Stop channels on both sides.

refresh security type(ssl) on both sides

Start channels on both sides.

refresh security type(ssl) on both sides

check:
dis chs(QM1.TO.QM2) ALL
runmqakm -certreq -list -db
runmqckm -cert -list -db "/var/mqm/qmgrs/QM1/ssl/qm1.kdb" -pw sarasu10
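
A consistency check for the values this procedure depends on, as an added example that is not part of the original page. It checks that the certificate label follows the default ibmwebspheremq<lower-case queue manager name> convention, that SSLKEYR is the repository path without .kdb, and that the .kdb and its .sth stash file exist and are not world-readable. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check that label, SSLKEYR and repository files agree.
# Function names are hypothetical; nothing here calls runmqckm or the queue manager.

# Default label the queue manager looks for: "ibmwebspheremq" + lower-cased name.
mq_expected_label() {
    printf 'ibmwebspheremq%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# SSLKEYR is the repository path without the .kdb suffix.
mq_expected_sslkeyr() {
    printf '%s\n' "${1%.kdb}"
}

# mq_tls_preflight QMGR KDB_PATH LABEL SSLKEYR
# Prints one line per problem and returns the number of problems found.
mq_tls_preflight() {
    qmgr=$1; kdb=$2; label=$3; sslkeyr=$4; problems=0
    sth="${kdb%.kdb}.sth"   # stash file written by -stash, next to the .kdb

    if [ "$label" != "$(mq_expected_label "$qmgr")" ]; then
        echo "label '$label' != expected '$(mq_expected_label "$qmgr")'"
        problems=$((problems + 1))
    fi
    if [ "$sslkeyr" != "$(mq_expected_sslkeyr "$kdb")" ]; then
        echo "SSLKEYR '$sslkeyr' != expected '$(mq_expected_sslkeyr "$kdb")'"
        problems=$((problems + 1))
    fi
    for f in "$kdb" "$sth"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f"
            problems=$((problems + 1))
        elif [ -n "$(find "$f" -prune -perm -004)" ]; then
            # The repository holds private keys; the stash file unlocks it.
            echo "world-readable: $f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage with the page's QM1 values:
#   mq_tls_preflight QM1 /var/mqm/qmgrs/QM1/ssl/qm1.kdb \
#       ibmwebspheremqqm1 /var/mqm/qmgrs/QM1/ssl/qm1
```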
