In my last post outlining the different GSkit commands for SSL administration, I forgot to mention a couple of tools that I regularly use: SSL Config Wizard and SSLcheck.
They are both SupportPacs provided free from ibm.com.
A Java GUI which shows you a series of forms to collect the information needed to create your SSL certificates and key repositories. It then uses this to generate the commands that you need to set it up.
This is very useful as a quick way to write the commands you need without needing to remember the GSkit syntax!
A command-line tool which examines an existing SSL configuration looking for common configuration mistakes and providing recommendations for resolving problems.
It’s useful as a quick sanity check on a new setup, or to examine existing setups for potential problems that you might not have been aware of.
(Apologies for the blatant self-promotion, as this SupportPac is actually one of mine – but I do find it useful. If I didn’t, I wouldn’t have wrote it!)
Does anyone else have any tools that they use to help with SSL?
2 comments
Comments feed for this article
February 8, 2007 at 7:30 pm
peterbroadhurst
KeyMan
This tool from alphaWorks is quite useful for inspecting PKCS12 files. For example to modify the ‘label’ (or ‘friendly name’) of a personal certificate – if a CA sends one to you with a label other than ibmwebspheremq<qmname>
This used to be more of an issue with WebSphere MQ V5.3, but now GSKit 7 (in WMQ V6.0) allows you to change the label when running the import command. There’s a HOWTO TechNote on V5.3 the issue here:
http://www.ibm.com/support/docview.wss?rs=171&uid=swg21225160
May 8, 2007 at 4:06 pm
t0mmcc
Dale
in the pdf for the WebSphere MQ SSL Checker (MH03) it mentions
Intended future development:
● SSL file permissions (Windows systems)
● More detailed SSLPEER checking
● A version for WebSphere MQ v5.3 (i.e. a version using GSkit v6 rather than v7)
When do u think you’ll have a version of MH03 that can be used with MQV5.3 ?