Payara SSL queue connection

0
votes

I would like to connect to a Queue manager on Payara 5.2020.7 with SSL.

I have a .jks file for the connection.
The payara server also have a cacert.jks and a keystore.jks -D paramter. Payara server JMS options

I can not add my queue .jks to server's jvm options because it overwrites the default one on the server.
On Weblogic I simply add this to Server start parameters and the connection works:

  • Djavax.net.ssl.keyStore=/opt/oracle/config/app/ssl/MQ-CLIENT-TEST.jks
  • Djavax.net.ssl.trustStore=/opt/oracle/config/app/ssl/MQ-CLIENT-TEST.jks

Can you help me?

1
ibm-mqpayara
Can you add your keys to the existing key store?JoshMc

1 Answers

-1
votes

Im not sure what you mean by your queue's .jks. A java client has a .jks, a c client has a .rbb/.kdb.

The server has a .rdb/.kdb. If your client certificate is self signed, then you need to import the public part into the servers key store. If the clients certificate is signed by a CA, the server's key store needs the CA.

The svrconn channel can have its own CERTLABL, or use the queue manager's one. This needs to be in the server's key store.

If the svrconns certifiate is self signed, the client needs the public part of it, it is is signed by a CA, the client needs the CA.

good luck

Colin