| Author |
Message
|
| nurazrin |
 Posted: Tue Aug 12, 2008 1:56 am Post subject: BlockIP2 - SSLPeerName too long |
 |
|
Newbie
Joined: 12 Aug 2008
Posts: 5
|
Hi all
I'm using SSL spec in BlockIP2.ini But when i try to connect from client to server i received below error in the log file:
Connection Refused, SSLPeerName too long max[80] was [90].
=====BlockIP2.ini============
SSL=CN=ibmwebspheremq*;MCA=*;
SSL=CN=*;
=========================
does anyone encoutered this error? Please help me.
thanks in advance 
Last edited by nurazrin on Tue Aug 12, 2008 5:41 pm; edited 1 time in total |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Aug 12, 2008 3:31 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I think the error is clear. Limit the length of your SSLPeername... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| sami.stormrage |
| Posted: Tue Aug 12, 2008 6:43 am Post subject: |
|
|
Disciple
Joined: 25 Jun 2008
Posts: 186
Location: Bangalore/Singapore
|
whats the version that ur running with? 6.0.2.4 should fix ur problem
_________________
*forgetting everything  * |
|
| Back to top |
|
|
| nurazrin |
| Posted: Tue Aug 12, 2008 5:25 pm Post subject: |
|
|
Newbie
Joined: 12 Aug 2008
Posts: 5
|
Good Day all,
Im using MQ6.0.2.4 version.
1. Do i need to change the certificate or something in order for it to works?
2. How can i limit the length of SSLPeerName?
thanks. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Aug 13, 2008 4:06 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Changing the cert might help. I believe that is where you set your SSLPeername.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Thu Aug 14, 2008 3:14 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
The currrent limit is 80.... This seems to be very small for many clients...
So I'm working on a new version of BlockIP2 and SSL_LEN_PEER is lifted to 512, with other small changes.
If you would like to try my beta build, drop me a "private message" and tell me which platform we're talking about.
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| nurazrin |
| Posted: Fri Aug 15, 2008 12:53 am Post subject: |
|
|
Newbie
Joined: 12 Aug 2008
Posts: 5
|
I thought there is something wrong with my SSL certificates.
Glad to hear that you are working on a new version of BlockIP.
Thank you Jorgen for your help 
But, i encountered another problem, i'm not able to generate BlockIP2 log file at the specified path. The configuration file as below:
========BlockIP2.ini=========
LogPath=/dvt/isis/hk/log/blockip;
========================
error msg in the log file (BlickIP2.log):
2008-08-15|16:10:07|BlockIP2 failed to open the specified logfile [/dvt/isis/hk/log/blockip/BlockIP2_QM2CLNTPS1_2008-08-15001.log], used default.
The log file is still generated under /var/mqm/exits (by default)
then i tried to create a directory under the exits path /var/mqm/exits/log this time the log file is created under the specified directory.
I did some test on this scenario and i only able to generate the log file at the following location
/var/mqm
/var/mqm/exits/log/../..
FYI BlockIP2 is installed in LINUX Platform |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Aug 15, 2008 1:10 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You probably have no OS rights to write your log in the desired location...
Check it out but I believe your are using the mqm:mqm id trying to write the log.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
