search

ibm-messaging / mq-golang

Calling IBM MQ from Go applications
Apache License 2.0
168 stars 60 forks source link

Is same kdb store used for client certs and server certs? #197

Closed irl-segfault closed 1 year ago

irl-segfault commented 1 year ago

When doing mTLS, I'm trying to do the following

    mqcno := ibmmq.NewMQCNO()
    mqcno.CCDTUrl = "./ccdt.json"
    sco := ibmmq.NewMQSCO()
    sco.KeyRepository = "/ssl/client"
    sco.CertificateLabel = "test"
    mqcno.SSLConfig = sco
    fmt.Println("attempting to connect")
    qmgr, err := ibmmq.Connx("channelName", mqcno)
    if err != nil {
        fmt.Println(err)
    }
    fmt.Println("connected succesfully")
    qmgr.Disc()

It hanges when trying to connect. My question is, should the server cert that we intend to trust be stored in the same client.kdb file as the cert that the client itself presents to the server?

Thanks.

ibmmqmet commented 1 year ago

A single kdb file holds both private keys for the client and the CA signing certs associated with the server's certificate (or the cert itself if using self-signed).