Verification Using Fingerprints (Oracle GlassFish Message Queue 4.4.2 Developer's Guide for C Clients)

Oracle GlassFish Message Queue 4.4.2 Developer's Guide for C Clients

Verification Using Fingerprints

If certificate authorization fails when the broker is using a certificate authority, it is possible to give the client runtime another means of establishing a secure connection by comparing broker certificate fingerprints. If the fingerprints match, the connection is granted; if they do not match, the attempt to create the connection will fail.

To Set Up Fingerprint Certification

Set the broker connection property MQ_SSL_CHECK_BROKER_FINGERPRINT to true.

Retrieve the broker’s certificate fingerprint by using the java keytool -list option on the broker’s keystore file:

You will use the output of this command as the value for the connection property MQ_SSL_BROKER_CERT_FINGERPRINT in Verification Using Fingerprints. For example, if the output contains a value like the following:
Certificate fingerprint (MD5): F6:A5:C1:F2:E6:63:40:73:97:64:39:6C:1B:35:0F:8E
You would specify this value for MQ_SSL_BROKER_CERT_FINGEPRINT.

Set the connection property MQ_SSL_BROKER_CERT_FINGEPRINT to the value obtained in Verification Using Fingerprints.