MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » error using web service with HTTPS
broker_new
Posted: Thu Dec 04, 2008 3:52 pm

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

Hi,
I am trying to invoke a webservice (HTTPS), which is hosted on .Net, using an HTTP request node (WMB 6.0.3).
I have imported the certificate into the cacerts file and recycled the broker, but I am getting
An error occurred whilst performing an SSL socket operation

I have searched the forum regarding this and am performing the following steps.

mqm6@sy02014:/opt/IBM/mqsi/6.0/jre15/bin #> mqsichangeproperties TESTBRK -o BrokerRegistry -n brokerTruststoreFile -v /opt/IBM/mqsi/6.0/jre15/lib/secu>
BIP2087E: Broker TESTBRK was unable to process the internal configuration message.
The entire internal configuration message failed to be processed successfully.
The internal configuration message failed to be processed, use the messages following this message to determine the reasons for the failure.
BIP4041E: Execution group 'default' received an invalid configuration message. See the following messages for details of the error.
The message broker received an invalid configuration message and has not updated its configuration. This can arise as a result of errors in the specification of either message flows or message sets which the configuration manager was unable to detect. It can also result from a message flow requiring a type of node that is not supported by the broker installation, from the broker having become out of step with the configuration database or from other applications sending extraneous messages to the broker's configuration queues (SYSTEM.BROKER.ADMIN.QUEUE & SYSTEM.BROKER.EXECUTIONGROUP.QUEUE).
Check the relevant message flow and message set definitions, check that all necessary user-defined extensions are installed, perform a complete redeploy of the broker's configuration and ensure that no applications are writing to the broker's configuration queues.
BIP2212E: Invalid configuration message containing action 'Change' which is not valid for target object 'ComIbmResourceManager'.
The message broker received a configuration message containing the action 'Change' which is not valid for the target object 'ComIbmResourceManager'. This can be caused by a mismatch in levels between the Message Brokers Toolkit, the Configuration Manager and the Broker, or as a result of a user or third party written user-defined node where the implementation library installed at the broker does not match the node definition held at the Configuration manager and Message Brokers Toolkit.
Ensure that the levels of code installed at the Message Brokers Toolkit, Configuration Manager and Broker are all consistent. If they are, identify the supplier of the target object and report the problem to them. If this is IBM, contact your IBM support center.

BIP8036E: Negative response received.
This command sends an internal configuration message to the broker, the response received indicated that the internal configuration message was unsuccessful.
Check that the WebSphere MQ transport is available. Check the system log for further information.

I am getting this problem. Could anyone tell me whether I am going in the right direction to invoke the HTTPS webservice?
_________________
IBM ->Let's build a smarter planet
broker_new
Posted: Thu Dec 04, 2008 4:51 pm

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

After some research I came to know that those commands are meant for WMB 6.1. Could anyone help me set it up for WMB 6.0.3?
_________________
IBM ->Let's build a smarter planet
fjb_saper
Posted: Thu Dec 04, 2008 10:19 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

broker_new wrote:
After some research I came to know that those commands are meant for WMB 6.1. Could anyone help me set it up for WMB 6.0.3?

Have you looked at and implemented this link?
_________________
MQ & Broker admin
broker_new
Posted: Fri Dec 05, 2008 4:21 am

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

Yes, I have imported the certificate into the cacerts file using keytool as per the info center.
When the certificate is imported, how do we authenticate a particular broker to call the webservice?
_________________
IBM ->Let's build a smarter planet
fjb_saper
Posted: Fri Dec 05, 2008 6:19 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

broker_new wrote:
Yes, I have imported the certificate into the cacerts file using keytool as per the info center.
When the certificate is imported, how do we authenticate a particular broker to call the webservice?


Have you tried the example as described in the link and with what result?
_________________
MQ & Broker admin
broker_new
Posted: Fri Dec 05, 2008 9:13 am

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

After importing the cert into cacerts using
keytool -import -alias mykey1 -file /home/era1/temp/2008.com.cer -keystore /opt/IBM/mqsi/6.0/jre15/lib/security/cacerts
Enter keystore password: changeit
Trust this certificate? [no]: yes

I bounced the broker twice and tried to hit the webservice.
I am getting the following error.

(0x01000000):RecoverableException = (
(0x03000000):File = '/build/S600_P/src/WebServices/WSLibrary/ImbWSRequest.cpp'
(0x03000000):Line = 552
(0x03000000):Function = 'ImbWSRequest::makeWSRequest'
(0x03000000):Type = ''
(0x03000000):Name = ''
(0x03000000):Label = ''
(0x03000000):Catalog = 'BIPv600'
(0x03000000):Severity = 1
(0x03000000):Number = 3152
(0x03000000):Text = 'A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3.'
(0x01000000):Insert = (
(0x03000000):Type = 5
(0x03000000):Text = 'clear.com'
)
(0x01000000):Insert = (
(0x03000000):Type = 2
(0x03000000):Text = '443'
)
(0x01000000):Insert = (
(0x03000000):Type = 5
(0x03000000):Text = '/qa_ws_adt/clearwebservice.asmx'
)
(0x01000000):SocketException = (
(0x03000000):File = '/build/S600_P/src/WebServices/WSLibrary/ImbSocket.cpp'
(0x03000000):Line = 2074
(0x03000000):Function = 'ImbSocketJNIManager::handleGeneralJavaException'
(0x03000000):Type = ''
(0x03000000):Name = ''
(0x03000000):Label = ''
(0x03000000):Catalog = 'BIPv600'
(0x03000000):Severity = 1
(0x03000000):Number = 3165
(0x03000000):Text = 'An error occurred whilst performing an SSL socket operation'
(0x01000000):Insert = (
(0x03000000):Type = 5
(0x03000000):Text = 'connect'
)
(0x01000000):Insert = (
(0x03000000):Type = 5
(0x03000000):Text = 'java.net.ConnectException: A remote host refused an attempted connect operation.'
)
_________________
IBM ->Let's build a smarter planet
marcin.kasinski
Posted: Fri Dec 05, 2008 9:58 am

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

broker_new wrote:
A remote host refused an attempted connect



You have to check remote host logs to find out why it refused connection.
_________________
Marcin
broker_new
Posted: Fri Dec 05, 2008 5:02 pm

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

mqm6@fra87920:/var/mqsi/config #> telnet tranequifax.fa.mell.com 443
Trying...
telnet: connect: A remote host refused an attempted connect operation.

I am guessing this is a problem with the firewall. Could anyone throw some light on this?
_________________
IBM ->Let's build a smarter planet
marcin.kasinski
Posted: Sat Dec 06, 2008 3:40 am

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

broker_new wrote:
mqm6@fra87920:/var/mqsi/config #> telnet tranequifax.fa.mell.com 443
Trying...
telnet: connect: A remote host refused an attempted connect operation.

I am guessing this is a problem with the firewall. Could anyone throw some light on this?



Have you checked the server logs?
Is there any firewall between client and server?
Have you asked the admin?
_________________
Marcin
broker_new
Posted: Sat Dec 06, 2008 4:26 am

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

I've opened a ticket with network team for that.
I was not able to check with the vendor company who provides this web service, but will get more details on Monday.

Thanks for your help guys.
_________________
IBM ->Let's build a smarter planet
broker_new
Posted: Sat Dec 06, 2008 8:57 am

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

I am trying to understand the steps involved in calling a webservice which is hosted as HTTPS/SSL. Do we need to just import the certificate into cacerts (trusted keystore), or do we need to perform any other tasks?

mqm6@fra87920:/var/mqsi/errors #> keytool -import -alias mykey1 -file /home/erroq1/temp/tranequifax.qa.don.cer -keystore /opt/IBM/mqsi/6.0/jre15/lib/security/cacerts

and bounced the broker twice.
How do we tell that particular broker to pick up the certificate and perform the HTTP Post?

As per the infocenter, it tells us only to import the certificate into the trusted keystore (cacerts).

http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/topic/com.ibm.etools.mft.doc/ap12235_.htm
_________________
IBM ->Let's build a smarter planet
marcin.kasinski
Posted: Sun Dec 07, 2008 12:15 am

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

How about the server side?

Do they trust you?

How did you sign your personal cert?

Does your partner import your CA into his truststore?
_________________
Marcin
broker_new
Posted: Mon Dec 08, 2008 9:39 am

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

I got the keystore file and truststore files from our third party company who are providing the service, and the passwords associated with them as "pass1".

I have searched in the forum and got the steps for configuring for WMB 6.1.

Could anyone please help me with how to apply the keystore and truststore to WMB 6.0.3?
_________________
IBM ->Let's build a smarter planet
broker_new
Posted: Mon Dec 08, 2008 1:21 pm

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

We figured out that it's a network issue.
Our network guys don't know what exactly needs to be done.

Could anyone help me provide some directions to our n/w guys to allow the requests and responses to be sent/received through the box?
_________________
IBM ->Let's build a smarter planet
broker_new
Posted: Wed Dec 10, 2008 7:01 pm

Yatiri

Joined: 30 Nov 2006
Posts: 614
Location: Washington DC

Hey, we found that our firewall was blocking the HTTPS requests going out of the box. We opened the IP and the 443 port in the firewall and were able to successfully call the webservice.

Before that we found an alternate way: by using a proxy we are able to successfully POST to the webservice. If the proxy sometimes prompts for user and password authentication, how do we handle it in ESQL?
(It is known that we can do the same HTTP Post using Java, using the proxy and passing the user and password information.)
_________________
IBM ->Let's build a smarter planet
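
Editor's added example (not from any poster in this thread and not IBM code): the BIP3165 "SSL socket operation" error above wrapped a plain TCP refusal, so certificate imports could not help. This Python sketch checks DNS, TCP and TLS in order and names the first layer that fails. The function name, stage labels and advice strings are this example's own; it assumes a PEM CA file, since Python cannot read the JKS `cacerts` store directly.

```python
import socket
import ssl

# What each failing layer means for the broker admin (wording is this example's own).
NEXT_STEP = {
    "dns": "name does not resolve from this host; fix DNS or the configured URL",
    "tcp_refused": "nothing accepted the TCP connection; check firewall, proxy "
                   "and the remote listener. Truststore changes cannot fix this",
    "tcp_unreachable": "no answer at TCP level; check routing and firewall rules",
    "tls_untrusted": "server certificate not trusted; import the issuing CA",
    "tls_handshake": "TCP works but TLS negotiation failed; check protocol "
                     "versions and whether the server demands a client cert",
    "ok": "TCP and TLS both succeed from this host",
}

def diagnose_https(host, port=443, cafile=None, timeout=5.0):
    """Return (stage, detail) for the first layer that fails, or ("ok", version)."""
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    family, socktype, proto, _, sockaddr = info[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)  # the same check as `telnet host 443`
    except ConnectionRefusedError as exc:
        sock.close()
        return ("tcp_refused", str(exc))
    except OSError as exc:  # timeout, no route, network unreachable
        sock.close()
        return ("tcp_unreachable", str(exc))
    # cafile=None uses the system CA bundle; a PEM file mimics a custom truststore.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_handshake", str(exc))
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed target: a loopback port with no listener, so this runs offline.
    stage, detail = diagnose_https("127.0.0.1", 9, timeout=2)
    print(stage, "-", NEXT_STEP[stage], "-", detail)
```

Run it from the broker host itself, as the broker's user, so the result reflects the same outbound firewall and proxy path the HTTP request node uses.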