Patrick Do wrote:
1. Placed all of my partners' trusted certs into my trusted cert, named it trusted.cert, and put this file into the "Trusted Root Certificate File" field.
2. Placed all of your partners' trusted certs on your C:D server (run MMC to add them) so they can be valid.
3. Place the KeyCertFile.keycert into the "Key Certificate File" field; this is the key certificate file at the bottom when I use the "Generate Key Certificate" tab. I give it a .keycert extension.
4. If you use the .Local node as your authoritative source (master), then you need to set this node to use either enable TLS or SSL and enable override.
5. The rest of the entries need to be set to "Default to local node" so they can inherit the settings from the .Local node.

Hey Patrick, your procedure is absolutely right.

Thanks for sharing.

6 years ago

The procedure we have followed in the past to generate self-signed certificates:

1. Through the Sterling Certificate Wizard (software to create our own certificates or create the skeleton of a CA) we create a self-signed certificate. So at this point we generate two files: a private key file (privatekey.txt) and a certificate file (certificate.cert). (CN=MY COMPANY and a server certificate)
2. Providing the private key and the certificate, we generate a key certificate (keycert.txt).
3. Finally, we make a copy of certificate.cert and rename it as trusted.txt; within this trusted.txt file we attach the other parties' trusted files.
4. Now, within Secure+ (the Sterling Connect Direct software to manage the secured sessions among the nodes) we use the trusted.txt file and the keycert.txt file to set up the configuration.

That's the process, and it has worked for us in the past.

As you see, both ways require installing some certificates into a trusted storage. You wrote in the first message that you installed trusted files.

I'm not very literate about SSL and.. well.. I'm working on that... but... when you refer to a trusted storage, in our case does it refer to a .txt file? I don't think we install the trusted files... we just point to the files. When the other parties, for example, update their certificates, they send us their certificate and we attach it at the end of the trusted.txt and it works! Do you think that re-generating this from scratch will work? I'm sorry about the misunderstandings.

Thanks again Maxim. Very instructive comments and very helpful.

Kind regards.
6 years ago
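A sanity check for the trusted file described in the post above, where partner certificates are appended to the end of trusted.txt. This is an added example, not part of the original thread or of any Sterling tooling; it assumes the trusted file is a plain concatenation of PEM blocks, and the function names and sample data are made up for illustration. It does not parse X.509, it only checks block structure and fingerprints the decoded bytes.

```python
import base64
import hashlib
import re

# One PEM block: BEGIN <label>, base64 body, matching END <label>.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def audit_trusted_file(text):
    """Return (entries, problems) for a concatenated PEM trusted file."""
    entries, problems, seen, blocks = [], [], set(), 0
    for blocks, m in enumerate(PEM_BLOCK.finditer(text), start=1):
        label, body = m.group(1), "".join(m.group(2).split())
        if "PRIVATE KEY" in label:
            problems.append(f"block {blocks}: private key in a trusted file")
            continue
        if label != "CERTIFICATE":
            problems.append(f"block {blocks}: unexpected PEM type {label!r}")
            continue
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"block {blocks}: body is not valid base64")
            continue
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in seen:
            problems.append(f"block {blocks}: duplicate certificate")
            continue
        seen.add(fingerprint)
        entries.append((blocks, fingerprint))
    unmatched = text.count("-----BEGIN ") - blocks
    if unmatched:
        problems.append(f"{unmatched} BEGIN line(s) without a matching END")
    return entries, problems

def make_pem(label, raw):
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample: placeholder bytes, not real certificates or keys.
SAMPLE = (
    make_pem("CERTIFICATE", b"own self-signed cert (placeholder)")
    + make_pem("CERTIFICATE", b"partner A cert (placeholder)")
    + make_pem("CERTIFICATE", b"partner A cert (placeholder)")  # appended twice
    + make_pem("RSA PRIVATE KEY", b"key pasted by mistake (placeholder)")
    + "-----BEGIN CERTIFICATE-----\nTUlJQ\n"  # paste cut off before END
)

if __name__ == "__main__":
    certs, issues = audit_trusted_file(SAMPLE)
    print(f"{len(certs)} certificates accepted", *issues, sep="\n")
```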

Maxim Karvonen wrote:

We are using exactly the same configuration, except for the IP and server name, which have changed. Are the certificates in any way linked to the server name or the IP?

Yes, of course. The most common way in certificate validation is validation using certificate chain.

Maxim, thanks a lot for your response; your recommendations are very appreciated. I checked the CN value and it is CN=My Company (with blanks). Is this field relevant? Through keytool.exe I checked the certificate and don't see any information that sounds like server-specific information.

To create a new certificate, must I use the same values shown in the old certificate? Or may it be a brand new self-signed certificate?

Thanks again!
6 years ago
We have IBM Sterling Connect Direct 4.2 on Windows 2003 Server. Everything is working fine, even the SSL configuration; we exchange files properly. Now, I have migrated all the configuration to a Windows Server 2008 cluster environment. Everything is OK... I have configured IBM Sterling Connect Direct, even the SSL configuration; we just made a copy/paste of the certificates, keycerts and trusted files. Everything is OK and we are able to receive files under an SSL session. But... there is an exception. The problem we are facing is that when we try to send files to our partners we get this error:

Message ID: CSPA311E
SSL Certificate verification failed, reason= self certificate in certificate chain:
Followed by this error:

Message ID: CSPA309E
SSL3_GET_SERVER_CERTIFICATE certificate verify failed:
We are using exactly the same configuration, except for the IP and server name, which have changed. Are the certificates in any way linked to the server name or the IP?

Any hint on this issue is very appreciated.
6 years ago
How do I assign Active Directory query rights to a user on Windows Server 2003?

Any help is very appreciated.

7 years ago

Martin Vajsar wrote: Are you using the latest version of the driver? It is possible that older versions of the driver might not recognize the property.

I am not using the latest version of the driver; the problem may be there. I'm going to check this point and post back if I find any solution!


7 years ago

William P O'Sullivan wrote:


using: db2jcc4-9.5.1.jar


Very helpful information. Thank you very much.


kona krishnakumar wrote: Hi Josue Nelson,

Kindly clarify, why we will socket timeout parameter and how it affects at WebSphere and datasource level.

The fact here is that I'm trying to set the socket timeout at WebSphere level because it is very important to a specific scenario we must prove. If we cannot set the timeout at this level, how can we set it up?

Thanks in advance.
7 years ago

gauri kaur wrote: Can someone please the difference or the advantage of WMB over MQ?

I hope you now have a clear vision of what MQ is and what WMB is...
7 years ago
I'm using DB2 9.7 and I have the db2jcc.jar driver... How do I know which driver type it is?

Thanks in advance.
How do I set the socket timeout for a DB2 (9.7) Universal JDBC Driver DataSource on WebSphere Application Server 6.1? I've tried adding the property as this IBM Technote says, but the problem is still there. Is there another way to set this property? Should I set it within the Java application code?

Any help is appreciated.
7 years ago