All Apps and Add-ons

Configure JMS Mod Input to use the CipherSpec and the certificate to connect to secured queues

flee
Path Finder

Hello,

We're using JMS Mod Input. We use the .bindings file to connect to MQ queues. Everything works fine without SSL. Now, we'll need to connect to the queues where the channel is secured with SSL CipherSpec TLS_RSA_WITH_AES_256_CBC_SHA. We have the MQ certificate generated from the server where the queues are defined.

How do we configure JMS Mod Input to use the CipherSpec and the certificate to connect to secured queues?

Thank you.

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

The JMS Mod Input ships with an sample/experimental LOCAL handler for MQ that you could try to use , rather than using a JNDI bindings file.

https://github.com/damiendallimore/SplunkModularInputsJavaFramework/blob/master/jms/src/com/splunk/m...

This local handler allows you to pass in several parameters pertaining to SSL, Ciphers , Certs etc..

If you look in the setParams method in the above code , you can see the parameter names that you can pass in.

Then you might set it up in Splunk Web like :

alt text

View solution in original post

0 Karma

Damien_Dallimor
Ultra Champion

The JMS Mod Input ships with an sample/experimental LOCAL handler for MQ that you could try to use , rather than using a JNDI bindings file.

https://github.com/damiendallimore/SplunkModularInputsJavaFramework/blob/master/jms/src/com/splunk/m...

This local handler allows you to pass in several parameters pertaining to SSL, Ciphers , Certs etc..

If you look in the setParams method in the above code , you can see the parameter names that you can pass in.

Then you might set it up in Splunk Web like :

alt text

0 Karma

flee
Path Finder

Is there a way to make it work using the JNDI .bindings file? All of our MQ infrastructures are remote and local installations are prohibitive. Thank you.

0 Karma

Damien_Dallimor
Ultra Champion

1) You misunderstand what "local" means in this context. It means you are providing the Java Connection Factory object yourself (LocalMQConnectionFactory) vs looking up the Connection Factory remotely via JNDI (from an LDAP server or Bindings file)

2) May or may not be possible with JNDI , but if you still want to use JNDI , you will need to contact your MQ/JMS admin or do some research(read : googling) to figure out what the necessary settings are for SSL via JMS to MQ. The JMS Mod Input has input parameters to accomodate many JMS client connection permutations , usually by utilizing the "Custom JVM System Properties" parameter.

splunk_ankman
Explorer

Try to connect from queue enabled with cipher value :TLS v1.2 cipher suites: TLS_RSA_WITH_AES_128_CBC_SHA256

Cipher suit is enbled at splunk side.

Error at splunk side: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'gbrdsr000002848.intranet.barcapint.com(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'MQ.CLT.SPLK.CHL' to host ''. [3=MQ.CLT.SPLK.CHL]],3=******************(1414),5=RemoteConnection.analyseErrorSegment]

Please help us in resolving the issue.

0 Karma

flee
Path Finder

Thanks for clarifications. Both options are working.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...