From: MQSeries List [mailto:[EMAIL PROTECTED] On Behalf Of Peter Gersak
Sent: Tuesday, November 23, 2004 5:17 AM
To: [EMAIL PROTECTED]
Subject: MQ on z/OS security (SSL) question.
I noticed strange MQ SVRCONN channel behavior. The channel is enabled for SSL encryption and an SSL client certificate is enforced.
The client certificate's public keys are stored in RACF. The channel parameters are:
DEFINE CHANNEL ('CHLA') +
DESCR('MQ SVRCONN chl for users') +
MCAUSER(' ') +
RCVDATA(' ') +
RCVEXIT(' ') +
SCYDATA(' ') +
SCYEXIT(' ') +
SENDDATA(' ') +
SENDEXIT(' ') +
SSLPEER(' ') +
From RACF I have removed a public certificate user and got the following message:
+CSQX632I +MQ1 CSQXRESP SSL certificate has no associated user ID, 315
remote channel ????
- channel initiator user ID used
+CSQX500I +MQ1 CSQXRESP Channel MQCHANN1 started
So, the certificate could not be located, so the CHINIT user id was used. But my understanding is that this connection should fail (because of the parameter SSLCAUTH(REQUIRED)). The PUTAUT(DEF) parameter is left blank intentionally because many users with different userIDs are using the same channel.
Any suggestions? Is this normal behavior? What should I do in order to enforce SSL authentication?
Best Regards, Peter
3Gen d.o.o., Tržaška 21, 1000 Ljubljana
M: +386 31 332 787
T: +386 1 42 10 475
E: [EMAIL PROTECTED]
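
The following is an added example, not part of the original message: a small detection script that scans channel initiator job-log text for the CSQX632I message quoted above and reports which channel then started under the channel initiator user ID. The function names are hypothetical, the `EXAMPLE.CHL` line is constructed, and pairing CSQX632I with the next CSQX500I on the same queue manager is an assumption based on the message order shown in the post.

```python
import re

# Constructed sample: the four job-log lines quoted in the message above,
# followed by one made-up unrelated channel start for contrast.
SAMPLE_LOG = """\
+CSQX632I +MQ1 CSQXRESP SSL certificate has no associated user ID, 315
remote channel ????
- channel initiator user ID used
+CSQX500I +MQ1 CSQXRESP Channel MQCHANN1 started
+CSQX500I +MQ1 CSQXRESP Channel EXAMPLE.CHL started
"""

# "+<message id> +<queue manager> <module> <text>", as in the quoted lines.
MSG_START = re.compile(r"^\+(CSQX\d{3}[A-Z]) \+(\S+) (\S+) (.*)$")
STARTED = re.compile(r"Channel (\S+) started")


def fold_messages(log_text):
    """Join wrapped continuation lines onto the message that owns them."""
    messages = []
    for line in log_text.splitlines():
        m = MSG_START.match(line)
        if m:
            msg_id, qmgr, _module, text = m.groups()
            messages.append({"id": msg_id, "qmgr": qmgr, "text": text})
        elif messages and line.strip():
            messages[-1]["text"] += " " + line.strip()
    return messages


def find_chinit_fallbacks(log_text):
    """Report channels started right after a CSQX632I on the same queue manager.

    Assumption: the next CSQX500I from that queue manager belongs to the
    connection that triggered the CSQX632I, as in the quoted log.
    """
    findings, pending = [], {}
    for msg in fold_messages(log_text):
        if msg["id"] == "CSQX632I":
            pending[msg["qmgr"]] = msg["text"]
        elif msg["id"] == "CSQX500I" and msg["qmgr"] in pending:
            started = STARTED.search(msg["text"])
            findings.append({
                "qmgr": msg["qmgr"],
                "channel": started.group(1) if started else None,
                "reason": pending.pop(msg["qmgr"]),
            })
    return findings


if __name__ == "__main__":
    for f in find_chinit_fallbacks(SAMPLE_LOG):
        print(f"{f['qmgr']}: channel {f['channel']} started under the "
              f"channel initiator user ID ({f['reason']})")
```
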