Sun Java System Message Queue 4.3 Developer's Guide for C Clients

Verification Using Fingerprints

If certificate authorization fails when the broker is using a certificate authority, it is possible to give the client runtime another means of establishing a secure connection by comparing broker certificate fingerprints. If the fingerprints match, the connection is granted; if they do not match, the attempt to create the connection will fail.

ProcedureTo Set Up Fingerprint Certification

  1. Set the broker connection property MQ_SSL_CHECK_BROKER_FINGERPRINT to true.

  2. Retrieve the broker’s certificate fingerprint by using the java keytool -list option on the broker’s keystore file:

    You will use the output of this command as the value for the connection property MQ_SSL_BROKER_CERT_FINGERPRINT in Verification Using Fingerprints. For example, if the output contains a value like the following:

    Certificate fingerprint (MD5): F6:A5:C1:F2:E6:63:40:73:97:64:39:6C:1B:35:0F:8E

    You would specify this value for MQ_SSL_BROKER_CERT_FINGEPRINT.

  3. Set the connection property MQ_SSL_BROKER_CERT_FINGEPRINT to the value obtained in Verification Using Fingerprints.