Author |
Message
|
velocity |
Posted: Tue Jun 10, 2008 4:45 am Post subject: SSLs on MQ Client on Windows & z/OS queue manager |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Hi Guys,
I have used client connection channel table to communicate between windows client and z/OS QM. I am using SVRCONN-CLNTCONN pair..which I have secured through SSLs..
My question is when I use amqsputc sample I get 2393 error. When I check the logs it says- " no cypherspec for remote channel". I have specified cypherspecs on both the channel defns..I am wondering whether using amqsputc sample is the right way to test SSLs.
Thanks for your time. |
|
Back to top |
|
 |
bbburson |
Posted: Tue Jun 10, 2008 5:48 am Post subject: |
|
|
Partisan
Joined: 06 Jan 2004 Posts: 378 Location: Nowhere near a queue manager
|
amqsputc with SSl works for me. Double-check your SVRCONN/CLNTCONN definitions. Also make sure you do NOT have MQSERVER variable defined on the client machine. You'll get a 2393 if you do. |
|
Back to top |
|
 |
velocity |
Posted: Tue Jun 10, 2008 7:20 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Hi,
I do not have MQSERVER variable installed. Still getting 2393..
My svrconn and clntconn defns contain only the cipherspec RC4_SHA_US. I havent used the SSLPEER values yet. On my SVRCONN I have SSL Certificate set to Required. Thats all I have as of now.
Can you think of something else? |
|
Back to top |
|
 |
vennela |
Posted: Tue Jun 10, 2008 8:25 am Post subject: |
|
|
 Jedi Knight
Joined: 11 Aug 2002 Posts: 4055 Location: Hyderabad, India
|
On your Windows box, where did you put the certs? |
|
Back to top |
|
 |
velocity |
Posted: Tue Jun 10, 2008 9:28 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Hi-
Ther certs are in
c:\Documents and Settings\MYUSERID\ssl\key
Please let me know what you think...I think you might be right.
Rgds |
|
Back to top |
|
 |
vennela |
Posted: Tue Jun 10, 2008 11:03 am Post subject: |
|
|
 Jedi Knight
Joined: 11 Aug 2002 Posts: 4055 Location: Hyderabad, India
|
Where does your MQSSLKEYR environment point to? |
|
Back to top |
|
 |
velocity |
Posted: Tue Jun 10, 2008 11:45 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
The MQSSLKEYR points to c:\Documents and Settings\MYUSERID\ssl\key
I have used set MQSSLKEYR on the cmd prompt & I have also set the user variable (not system variable) on Windows machine.
The SSL certs are installed fine and the key repository is also good.
Rgds.[/quote] |
|
Back to top |
|
 |
vennela |
Posted: Tue Jun 10, 2008 12:00 pm Post subject: |
|
|
 Jedi Knight
Joined: 11 Aug 2002 Posts: 4055 Location: Hyderabad, India
|
Try:
Code: |
REFRESH SECURITY TYPE(SSL) |
|
|
Back to top |
|
 |
velocity |
Posted: Mon Jun 16, 2008 8:35 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Just got it working !!
It was a minor environment issue..
The keys should be located in
C:\Documents & Settings\USERID\ssl directory and not
C:\Documents & Settings\USERID\ssl\key.
The env. variable should be set to
MQSSLKEYR=C:\Documents & Settings\USERID\ssl\key or else you will get 2381.
FYI- ALways ftp the AMQCLCHL.TAB after you put the Cypherspecs in or else you will get 2393.
Thanks a lot for your help. |
|
Back to top |
|
 |
velocity |
Posted: Mon Jun 30, 2008 7:26 am Post subject: |
|
|
Centurion
Joined: 30 Nov 2007 Posts: 126
|
Now I have set up SSLs from Windows Client workstation to the z/OS QM under my windows log on id.
C:\Documents and Settings\USERID\ssl\key
The user id in the env variable is my id..
Now, there are quite a few users who would like to log on this windows client using their ids...does that mean they should all follow the same procedure, generate key repository, create individual cert requests? |
|
Back to top |
|
 |
PeterPotkay |
Posted: Mon Jun 30, 2008 9:29 am Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
|
Back to top |
|
 |
|