Discussion:
MCAUSER & SSL on z/OS
Gordon, Rob
2014-08-05 16:52:24 UTC
Permalink
Greetings. We're running MQ 7.0.1 on z/OS with SSL and I'm being asked to implement MCAUSER. Do the SSL certificates need to be attached to MCAUSER's keyring or can they remain on the channel initiator user-ID's keyring?

Thanks.

Rob



Use of email is inherently insecure. Confidential information,
including account information, and personally identifiable
information, should not be transmitted via email, or email
attachment. The information in this email may contain confidential
and/or privileged information and is intended only for the use of
the individual/entity named above. Any disclosure, copying,
distribution or use of this information is strictly prohibited. If
you have received this communication in error, please notify the
sender immediately and destroy any record of this email.

RBS Citizens, N.A. is an affiliate of RBS Citizens Financial Group,
Inc.

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Neil Casey
2014-08-05 23:19:45 UTC
Permalink
Hi Rob,

I haven’t done that for a while, but as I recall, the keyring has to belong to the chinit user.

The SSL exchange has to be completed before the channel name is known, and the mcauser can’t be assigned until then, so the keyring needs to be available to the chinit user, as that is the only one available at that point in the exchange.

Regards,


Neil
--
Neil Casey
Senior Consultant | Syntegrity Solutions

+61 414 615 334 neil.casey-VLLIzlmz+***@public.gmane.org
Syntegrity Solutions Pty Ltd | Level 23 | 40 City Road | Southgate | VIC 3006
Analyse >> Integrate >> Secure >> Educate
Greetings. We’re running MQ 7.0.1 on z/OS with SSL and I’m being asked to implement MCAUSER. Do the SSL certificates need to be attached to MCAUSER’s keyring or can they remain on the channel initiator user-ID’s keyring?
Thanks.
Rob
Use of email is inherently insecure. Confidential information, including account information, and personally identifiable information, should not be transmitted via email, or email attachment. The information in this email may contain confidential and/or privileged information and is intended only for the use of the individual/entity named above. Any disclosure, copying, distribution or use of this information is strictly prohibited. If you have received this communication in error, please notify the sender immediately and destroy any record of this email.
RBS Citizens, N.A. is an affiliate of RBS Citizens Financial Group, Inc.
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Loading...