Websphere MQ in C#: Where in the code to set SSL Keystore Password?
I have an MQ application that I need to use SSL connections with. I have been given a keystore to use and a password to use it, but what I am unsure of is where I need to go to set the value of the keystore password?
There are a few places in the MQ DLL's that I can see a password setting, but I don't want to set it in the wrong place. All开发者_C百科 of the other SSL stuff has been under the MQENVIRONMENT and there is a password there, but I can't seem to find anything that confirms this as the correct place.
What is the value I need to set for my SSL keystore's password?
(NOTE: I am writing this in C# using MQ version 7.)
The .Net classes do not use a Java keystore, but rather they use the WMQ kdb format keystore. This file format includes a "Stash file" which contains an obfuscated password. Point your program to the kdb in the environment variables as discussed on this page of the docs. The kdb is actually several files with the same prefix and different suffixes. What you see in the example is that the variable includes the path and the kdb prefix but no suffix.
I'm guessing the next question is "how do I get my jks into this kdb format?" To do this you must have GSKit installed. It is bundled with both WMQ Client and WMQ Server but depending on the version installed, the path differs slightly. Look under C:\Program Files\IBM\gsk7 for starters. There are several different user interfaces but the one you want is the compiled gsk7cmd.
C:\Program Files\IBM\gsk7\bin>gsk7cmd.exe -keydb -convert
A required value for the command was not specified:
-db Required
-Correct command usage-
-db Required
-pw Optional
-target Optional
-new_pw Optional
-old_format or -type Optional
-new_format Required <cms | jceks | jks | kdb | p12 | pkcs12>
-expire Optional <0 - 7300>
-stash Optional`
When converting from jks to kdb, be sure to specify the -stash option so that the program can find the password.
加载中,请稍侯......
精彩评论