Posted: Wed Jul 25, 2007 9:11 am Post subject: MQIPT SSL Certificate problems
I'm preparing an installation and doing some testing locally:
I have created a configuration, or tried to:
Client -> MQIPT (route1) - SSL -> MQIPT(route2) -> MQQMGR
I have created my own self-signed certificate with the KM utility.
My problem is that if I use my own certificate one of the routes
will not initialize!
Using the provided sample certificate everything works fine!
Using my own gives me a startup log:
5639-L92 (C) Copyright IBM Corp. 2000, 2005 All Rights Reserved
MQCPI001 IBM WebSphere MQ internet pass-thru V1.3.3 starting
MQCPI004 Reading configuration information from C:\mqipt\mqipt.conf
MQCPI021 Password checking has been enabled on the command port
MQCPI008 Listening for control commands on port 1882
MQCPI011 The path C:\mqipt\logs will be used to store the log files
MQCPI006 Route 1416 is starting and will forward messages to :
MQCPI034 ....localhost(1414)
MQCPI035 ....using MQ protocols
MQCPI037 ....SSL Server side enabled with properties :
MQCPI031 ......cipher suites <NULL>
MQCPI032 ......keyring file c:\\mqipt\\ssl\\ELEKTA.pfx
MQCPI047 ......CA keyring file <NULL>
MQCPI071 ......site certificate uses CN=* O=* OU=* L=* ST=* C=*
MQCPI038 ......peer certificate uses CN=* O=ELEKTA* OU=* L=* ST=* C=*
MQCPI033 ......client authentication set to false
MQCPE004 Route startup failed on port 1416
MQCPI006 Route 1415 is starting and will forward messages to :
MQCPI034 ....localhost(1416)
MQCPI035 ....using MQ protocols
MQCPI036 ....SSL Client side enabled with properties :
MQCPI031 ......cipher suites <NULL>
MQCPI032 ......keyring file c:\\mqipt\\ssl\\ELEKTA.pfx
MQCPI047 ......CA keyring file <NULL>
MQCPI071 ......site certificate uses CN=* O=* OU=* L=* ST=* C=*
MQCPI038 ......peer certificate uses CN=* O=ELEKTA* OU=* L=* ST=* C=*
MQCPI078 Route 1415 ready for connection requests
In the error trace I get a:
Time: 18:48:42.265 2007.07.25
Class: com.ibm.mq.ipt.Route@9664a1
Method: startRoute
Thread ID: main
Logger: strTlRouteName
com.ibm.mq.ipt.IPTException: MQCPE004 Route startup failed on port 1418
at com.ibm.mq.ipt.IPTFFST.generateFFST(IPTFFST.java:89)
at com.ibm.mq.ipt.Route.startRoute(Route.java:1522)
at com.ibm.mq.ipt.IPTController.updateRoutes(IPTController.java:1409)
at com.ibm.mq.ipt.IPTController.main(IPTController.java:394)
Another interesting point:
I created the password file in clear text.
The sample password file does look encrypted and
I can't open the sample Keyring with KM by using the "text"
contained in the sample password file!
Read the mqipt manual. There is a program to encrypt the passwd file. Use it.
On the other hand I would not be too concerned. You showed the server start log.
All the routes failing are on a different port.
My guess is you did not comment out the other default routes in mqipt.config and just changed one....
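As an added example (not part of the thread and not MQIPT code), this Python parser turns the startup-log and trace lines quoted above into per-route records and reports which listener ports failed, which failures name a port with no route block in the posted log, and which "ready" routes forward to a failed local route. The function names and record fields are hypothetical; the message IDs and text are copied from the post.

```python
import re

# Lines copied from the startup log and error trace in the post above (abridged).
SAMPLE = r"""MQCPI006 Route 1416 is starting and will forward messages to :
MQCPI034 ....localhost(1414)
MQCPI037 ....SSL Server side enabled with properties :
MQCPE004 Route startup failed on port 1416
MQCPI006 Route 1415 is starting and will forward messages to :
MQCPI034 ....localhost(1416)
MQCPI036 ....SSL Client side enabled with properties :
MQCPI078 Route 1415 ready for connection requests
com.ibm.mq.ipt.IPTException: MQCPE004 Route startup failed on port 1418
"""
PATTERNS = {
    "start": re.compile(r"MQCPI006 Route (\d+) is starting"),
    "dest": re.compile(r"MQCPI034 \.+(\S+)\((\d+)\)"),
    "ssl": re.compile(r"MQCPI03[67] \.+SSL (Server|Client) side enabled"),
    "failed": re.compile(r"MQCPE004 Route startup failed on port (\d+)"),
    "ready": re.compile(r"MQCPI078 Route (\d+) ready"),
}

def parse_routes(text):
    """Map listener port -> record; 'declared' stays False if only a failure line names the port."""
    routes, current = {}, None
    def route(port, declared=False):
        r = routes.setdefault(port, {"declared": False, "dest": None, "ssl": None, "status": "unknown"})
        r["declared"] = r["declared"] or declared
        return r
    for line in text.splitlines():
        hits = {k: m for k, p in PATTERNS.items() if (m := p.search(line))}
        if "start" in hits:
            current = route(int(hits["start"].group(1)), declared=True)
        elif "failed" in hits:
            route(int(hits["failed"].group(1)))["status"] = "failed"
        elif "ready" in hits:
            route(int(hits["ready"].group(1)))["status"] = "ready"
        elif current is not None and "dest" in hits:
            current["dest"] = (hits["dest"].group(1), int(hits["dest"].group(2)))
        elif current is not None and "ssl" in hits:
            current["ssl"] = hits["ssl"].group(1).lower()
    return routes

def findings(routes):
    """Failed ports, failures without a route block, and ready routes whose local next hop failed."""
    failed = sorted(p for p, r in routes.items() if r["status"] == "failed")
    undeclared = [p for p in failed if not routes[p]["declared"]]
    dead_hop = sorted(p for p, r in routes.items() if r["status"] == "ready"
                      and r["dest"] and r["dest"][0] == "localhost" and r["dest"][1] in failed)
    return {"failed": failed, "undeclared": undeclared, "dead_hop": dead_hop}
```

On the lines quoted in the post, `findings(parse_routes(SAMPLE))` lists 1416 and 1418 as failed, 1418 as having no route block in the posted log, and 1415 as ready but forwarding to the failed 1416 listener.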