Testing for failure of SSL client authentication

 

To test for failure of SSL client authentication, prevent the the SSL client from sending a certificate in response to a request from the SSL server.

On OS/400, remove the certificate labelled ibmwebspheremq followed by the name of the queue manager folded to lower case. For example, for PARIS, ibmwebspheremqPARIS

On UNIX systems, remove from the SSL client's key repository both:

  • The certificate labelled:

    • For a queue manager, ibmwebspheremq followed by the name of the queue manager folded to lower case. For example, for PARIS, ibmwebspheremqPARIS, or,

    • For a WebSphere MQ client, ibmwebspheremq followed by the logon user ID folded to lower case, for example ibmwebspheremqmyuserid.

  • The default certificate (which might be the ibmwebspheremq certificate).

On z/OS, remove from the SSL client's key repository both:

  • The certificate labelled ibmWebSphereMQ followed by the name of the queue manager, for example ibmWebSphereMQPARIS

  • The default certificate (which might be the ibmWebSphereMQ certificate).

On Windows systems, unassign the certificate from the queue manager or WebSphere MQ client, as described in Removing and unassigning certificates.

Note:
On OS/400, UNIX systems, and z/OS, you remove the certificates from the key repository. If you do not already have a copy of a certificate and you want to restore it after testing for failure of SSL client authentication, you must save a copy of the certificate.

The following procedure assumes that:

  • PARIS is the SSL client

  • LONDON is the SSL server

  1. Remove the personal certificates for PARIS.

  2. On LONDON, define the channel with SSLCAUTH set to REQUIRED.

  3. On PARIS, start the channel. Note that the authentication failure produces an error message at both ends of the channel and raises an error event at both ends of the channel.

When testing is complete, if necessary, restore the personal certificates you removed to the key repository for PARIS.

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.