Can I use the same keystore and cert for AMS that my app already uses?
You can, but also have the option to use separate certs and/or keystores if you want. The keystore.conf file contains the details of the keystore and the label of the certificate that AMS will use for encrypting and signing messages. This can point to the same certificate as used by the application for making connections to WebSphere MQ, the same certificate the app server uses for SSL connections or an entirely separate keystore dedicated to AMS.
The key (excuse the pun) is to manage the keystores based on the security model required. The app server's keystore probably has a number of external-facing certificates in its trust store. For example, it might trust several commercial certificate authorities. The AMS keystore must contain the certificates of anyone who will be signing or encrypting messages that your app will consume or receiving encrypted messages from your app. Since these are usually internal-facing, it might be worthwhile to use a separate keystore for AMS than is used for external-facing entities. Otherwise the two different security models (internal-facing and external-facing) end up trusting each other's participants.
This is just one example and in general the idea is to construct the keystores based on the specific security model required and using a least-trust principle. You have to balance the cost of maintaining separate keystores against the extra security of maintaining individual ones.
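
To make the options in the answer above concrete, here is an added example (not part of the original answer and not IBM code): a Python check that reads a `keystore.conf` and reports whether AMS shares the application's keystore, and therefore its trust store, or uses a dedicated one. It assumes the `JKS.keystore` / `JKS.certificate` key layout used for Java clients; the sample paths, labels and function names are constructed, and ignoring the keystore file extension when comparing paths is an assumption of this example.

```python
import os

# Constructed keystore.conf samples; paths and labels are made up.
SHARED_CONF = """\
JKS.keystore = /opt/app/ssl/appkeys
JKS.certificate = app_tls_cert
JKS.encrypted = no
"""
DEDICATED_CONF = """\
JKS.keystore = /opt/app/ams/amskeys
JKS.certificate = app_ams_cert
JKS.encrypted = no
"""

KEYSTORE_EXTS = {".jks", ".kdb", ".p12"}


def parse_keystore_conf(text):
    """Parse 'type.setting = value' lines into a dict, e.g. JKS.keystore."""
    conf = {}
    for raw in text.splitlines():
        key, sep, value = raw.partition("=")
        store_type, dot, setting = key.strip().partition(".")
        if not sep or not dot:
            continue  # blank or unrecognised line
        conf["type"] = store_type
        conf[setting.strip().lower()] = value.strip()
    return conf


def _stem(path):
    """Normalise a keystore path, dropping a known file extension if present."""
    norm = os.path.normpath(path)
    root, ext = os.path.splitext(norm)
    return root if ext.lower() in KEYSTORE_EXTS else norm


def ams_keystore_sharing(conf_text, app_keystore, app_cert_label):
    """Report whether AMS reuses the app's keystore and/or certificate."""
    ams = parse_keystore_conf(conf_text)
    same_store = _stem(ams["keystore"]) == _stem(app_keystore)
    same_cert = same_store and ams["certificate"] == app_cert_label
    if same_cert:
        model = "shared keystore and certificate"
    elif same_store:
        model = "shared keystore, separate certificate"
    else:
        model = "dedicated AMS keystore"
    # shared_trust=True means AMS trusts every signer the app keystore trusts.
    return {"type": ams["type"], "model": model, "shared_trust": same_store}
```

A `shared_trust` result of `True` is the case the answer warns about: every external CA trusted for TLS also becomes a trusted signer for AMS-protected messages.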