I've set up a password synchronizer on a Windows Active Directory
domain controller, using an MQe password store. This works fine, and I
can view the captured passwords with a TDI Assembly Line in which I
set up a JMS Password Connector (or MQe Password Store Connector for
versions before 7.0).
I now want to use the PKCS7 functionality, in order to sign and
encrypt password change messages. So I created two JKS files with
ikeyman: one for the connector, and one for the password synchronizer
MQe client.
So I have configured the PKCS7 stanza in pwsync.props.
But when I start the proxy again, it fails to start because it cannot
initialize the PKCS7 module, because "Keystore was tampered with, or
password was incorrect".
But the password is correct, I can open the JKS file with ikeyman
without a problem.
Any input would be valuable, thx!!
/Ben
Thx for your help!!
/Ben
The PKCS-7 option works for me on AD. Below is the relevant part
of the pwsync.props.
Note that the password is not 'in the clear'. You have to generate
the encrypted (obfuscated) password via
c:\IBM\TDI\V7.0\pwd_plugins\bin>encryptPasswd.bat passw0rd

pkcs7=true
pkcs7KeyStoreFilePath=C:\\IBM\\TDI\\V7.0\\pwd_plugins\\etc\\passwordStore.jks
# the password to this key store is 'passw0rd'
pkcs7KeyStoreFilePassword=0f0fe0e2062f0d66
pkcs7MqeStoreCertificateAlias=passwordstore
pkcs7MqeConnectorCertificateAlias=passwordconnector
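
Added example, not part of the thread and not IBM's code: a small Python check of the PKCS7 stanza above, showing what each value becomes once backslash escapes are processed. It assumes pwsync.props is read with java.util.Properties escaping rules, which the doubled backslashes in the reply suggest; `load_props` and `check_pkcs7` are hypothetical helper names and both sample stanzas are constructed from the reply.

```python
import re

# Keys taken from the stanza in the reply above.
REQUIRED = ("pkcs7KeyStoreFilePath", "pkcs7KeyStoreFilePassword",
            "pkcs7MqeStoreCertificateAlias", "pkcs7MqeConnectorCertificateAlias")
ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(s):
    # java.util.Properties rules: "\\" becomes "\", "\t" etc. become control
    # characters, and a backslash before any other character is dropped.
    # (\uXXXX escapes are left out of this sketch.)
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), s, flags=re.S)

def load_props(text):
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        pending += line
        if (len(pending) - len(pending.rstrip("\\"))) % 2:
            pending = pending[:-1]        # odd trailing backslash: continuation
            continue
        m = re.match(r"((?:\\.|[^\\=:\s])*)\s*[=:]?\s*(.*)", pending, re.S)
        props[unescape(m.group(1))] = unescape(m.group(2))
        pending = ""
    return props

def check_pkcs7(text):
    p = load_props(text)
    findings = [f"missing {k}" for k in REQUIRED if not p.get(k)]
    if p.get("pkcs7", "").lower() != "true":
        findings.append("pkcs7 is not enabled")
    path = p.get("pkcs7KeyStoreFilePath", "")
    if path and "\\" not in path and "/" not in path:
        findings.append(f"no separators left in key store path: {path}")
    return p, findings

# Constructed samples: the reply's stanza, and the same with single backslashes.
GOOD = r"""
pkcs7=true
pkcs7KeyStoreFilePath=C:\\IBM\\TDI\\V7.0\\pwd_plugins\\etc\\passwordStore.jks
# obfuscated value as quoted in the reply (output of encryptPasswd.bat)
pkcs7KeyStoreFilePassword=0f0fe0e2062f0d66
pkcs7MqeStoreCertificateAlias=passwordstore
pkcs7MqeConnectorCertificateAlias=passwordconnector
"""
SINGLE = GOOD.replace("\\\\", "\\")

if __name__ == "__main__":
    for name, sample in (("doubled", GOOD), ("single", SINGLE)):
        props, findings = check_pkcs7(sample)
        print(name, props["pkcs7KeyStoreFilePath"], findings or "ok")
```

Under these rules a path line that ends in a single backslash is also joined to the following line, so a wrapped path loses its last separator.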