SSL channels between qmgrs
offshore
Posted: Tue Aug 12, 2003 11:34 am    Post subject: SSL channels between qmgrs

Master

Joined: 20 Jun 2002
Posts: 222

All,

I have been testing SSL channels between 2 queue managers. I was able to create a certificate and assign it to the queue managers.

When I try to start the channel, the following message appears in the event viewer - Windows 2000 machines.

----------------------------------------------------------------------------------
A failure occurred during SSL handshaking.

During SSL handshaking, or associated activities, a failure occurred. The failure is 'WebSphere MQ TCP/IP Receive Failed' and has caused WebSphere MQ channel name 'QM1.QM2' to be closed. If the name is '????' then the name is unknown.

Refer to prior message in the WebSphere MQ error log for information related to this problem.
----------------------------------------------------------------------------------

Anyone know what the actual problem is as to why the handshake failed?

Both channels are using RC4_MD5_US encryption. Both have the same certificate installed on the box.

TIA
ARey
Posted: Tue Sep 09, 2003 9:06 am

Newbie

Joined: 09 Sep 2003
Posts: 2
Location: Florida

This is long and complex; however, these tips may help.

Make sure you are on the latest CSD! The initial MQ 5.3 was buggy and did not work.

If using self signed certificates,
> Add A's self signed to A's repository.
> Add A's self signed certificate to B's destination signing certificates.
> Add B's self signed to B's repository.
> Add B's self signed certificate to A's destination signing certificates.

Other:
> Queue manager bounce may be required.
> Make sure to use the friendly name (i.e. the Label) "ibmwebspheremq<queueManagerName>".
Certificate Gen is tricky.
> May require exports / imports to get into correct formats that will import into ibm key repository (i.e. depending on platform may have to apply some tricks).

Example channel definitions (for the FromQM - A):

* CONNAME is B's ip/port
DEFINE CHANNEL(A.B) +
CHLTYPE(SVR) +
XMITQ(ToQM) +
TRPTYPE(TCP) +
CONNAME('999.99.99.999(99999)') +
NPMSPEED(NORMAL) +
HBINT(20) +
SHORTRTY(120) +
DISCINT(999999) +
SSLCIPH(TRIPLE_DES_SHA_US) +
SSLPEER('CN=ibmwebspheremqB') +
REPLACE

* CONNAME is B's ip/port
DEFINE CHANNEL(B.A) +
CHLTYPE(RQSTR) +
TRPTYPE(TCP) +
CONNAME('999.99.99.999(99999)') +
MRRTY(3) +
MRTMR(10) +
HBINT(20) +
NPMSPEED(NORMAL) +
SSLCAUTH(REQUIRED) +
SSLCIPH(TRIPLE_DES_SHA_US) +
SSLPEER('CN=ibmwebspheremqB') +
REPLACE

That's it for now.
_________________
Antonio Rey
MQSeries Certified Professional
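
A small MQSC linter, added here as an example (it is not part of either post and is not IBM tooling): it parses DEFINE CHANNEL commands like the ones above and reports weak or deprecated CipherSpecs, missing SSLPEER checks and optional client authentication. The sample definitions and the list of CipherSpecs treated as weak are assumptions of this example.

```python
import re

# Constructed sample: A.B uses the CipherSpec from the question, B.A the one from the reply.
SAMPLE_MQSC = """\
* CONNAME is B's ip/port (placeholder value)
DEFINE CHANNEL(A.B) +
CHLTYPE(SVR) +
CONNAME('999.99.99.999(99999)') +
SSLCIPH(RC4_MD5_US) +
REPLACE
DEFINE CHANNEL(B.A) +
CHLTYPE(RQSTR) +
SSLCAUTH(REQUIRED) +
SSLCIPH(TRIPLE_DES_SHA_US) +
SSLPEER('CN=ibmwebspheremqB') +
REPLACE
"""

ATTR = re.compile(r"(\w+)\(\s*('(?:[^']|'')*'|[^()]*?)\s*\)")

def parse_commands(text):
    """Join '+' continuation lines into commands; skip blank and '*' comment lines."""
    kept = [l.strip() for l in text.splitlines() if l.strip() and not l.startswith("*")]
    return re.sub(r"[ \t]*\+\n", " ", "\n".join(kept)).split("\n")

def channel_attrs(command):
    """Return {KEYWORD: value} for a DEFINE CHANNEL command, else None."""
    if not re.match(r"DEF(?:INE)?\s+CHANNEL\(", command, re.I):
        return None
    return {k.upper(): v.strip("'") for k, v in ATTR.findall(command)}

def audit(text):
    """List (channel, finding) pairs for SSL settings a reviewer should question."""
    findings = []
    for attrs in filter(None, map(channel_attrs, parse_commands(text))):
        name, ciph = attrs["CHANNEL"], attrs.get("SSLCIPH", "")
        # Assumption of this example: which CipherSpec names count as weak or deprecated.
        if not ciph:
            findings.append((name, "no SSLCIPH: channel runs without SSL"))
        elif re.search(r"RC4|RC2|MD5|NULL|(?<!TRIPLE_)DES", ciph, re.I):
            findings.append((name, f"weak CipherSpec {ciph}"))
        elif "TRIPLE_DES" in ciph.upper():
            findings.append((name, f"deprecated 3DES CipherSpec {ciph}"))
        if ciph and not attrs.get("SSLPEER"):
            findings.append((name, "no SSLPEER: partner DN is not checked"))
        if attrs.get("SSLCAUTH", "").upper() == "OPTIONAL":
            findings.append((name, "SSLCAUTH(OPTIONAL): partner certificate not required"))
    return findings
```

Calling `audit(SAMPLE_MQSC)` returns two findings for A.B (weak CipherSpec, no SSLPEER) and one for B.A (deprecated 3DES CipherSpec).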