| Author |
Message
|
| pcelari |
 Posted: Wed Dec 14, 2022 8:07 am Post subject: Why MQClient app can't connect to QM with MQSERVER & SSL |
 |
|
Chevalier
Joined: 31 Mar 2006
Posts: 411
Location: New York
|
Greetings...
I was my understanding to use SSL, a CCDT file together with SSLKEYR environment variable must be used by a client application like amqsputc. MQSERVER has to be unset for this to work.
Why is it not possible to use MQSERVER together with SSLKEYR for client application to connect to a qmgr?
_________________
pcelari
-----------------------------------------
- a master of always being a newbie |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Wed Dec 14, 2022 10:29 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Dec 14, 2022 10:34 am Post subject: Re: Why MQClient app can't connect to QM with MQSERVER & |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| pcelari wrote: |
Greetings...
I was my understanding to use SSL, a CCDT file together with SSLKEYR environment variable must be used by a client application like amqsputc. MQSERVER has to be unset for this to work.
Why is it not possible to use MQSERVER together with SSLKEYR for client application to connect to a qmgr? |
Because when using MQSERVER you don't have a way to specify the Cipher to use on the channel. When using MQSERVER the cipher is set to ''. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| pcelari |
| Posted: Thu Dec 15, 2022 6:23 am Post subject: Re: Why MQClient app can't connect to QM with MQSERVER & |
|
|
Chevalier
Joined: 31 Mar 2006
Posts: 411
Location: New York
|
| fjb_saper wrote: |
| pcelari wrote: |
...
Why is it not possible to use MQSERVER together with SSLKEYR for client application to connect to a qmgr? |
Because when using MQSERVER you don't have a way to specify the Cipher to use on the channel. When using MQSERVER the cipher is set to ''. |
... thank you for clarifying!
Maybe it's time for IBM to add an environment variable MQSSLCIPH in a client environment so an application can connect to a qmgr with a mere MQSERVER set....
_________________
pcelari
-----------------------------------------
- a master of always being a newbie |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Dec 15, 2022 9:29 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
|
| Back to top |
|
|
| pcelari |
| Posted: Fri Dec 16, 2022 6:08 am Post subject: |
|
|
Chevalier
Joined: 31 Mar 2006
Posts: 411
Location: New York
|
| zpat wrote: |
| https://community.ibm.com/community/user/integration/blogs/morag-hughson/2016/06/22/ibm-mq-little-gem-13-mqclientini |
thanks for sharing this article. It seems if MQSSLCIPH becomes an intrinsic part of MQ client application, apps like amqsputc will be able to connect to a qmgr through an SSL enabled SVRCONN channel, via MQSERVER. Then a CLINTCONN in the form of a CCDT file would no longer be necessary.
_________________
pcelari
-----------------------------------------
- a master of always being a newbie |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Dec 16, 2022 6:19 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| pcelari wrote: |
| zpat wrote: |
| https://community.ibm.com/community/user/integration/blogs/morag-hughson/2016/06/22/ibm-mq-little-gem-13-mqclientini |
thanks for sharing this article. It seems if MQSSLCIPH becomes an intrinsic part of MQ client application, apps like amqsputc will be able to connect to a qmgr through an SSL enabled SVRCONN channel, via MQSERVER. Then a CLINTCONN in the form of a CCDT file would no longer be necessary. |
It seems by using the mqclient.ini you won't have to set MQSERVER or any of the other environment variables and can change the behavior just by changing the mqclient.ini ... (java /jms exceptions apply)
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
