ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » SSL issue?

Post new topic  Reply to topic
 SSL issue? « View previous topic :: View next topic » 
Author Message
elikatz
PostPosted: Sat Oct 24, 2009 9:24 am    Post subject: SSL issue? Reply with quote

Voyager

Joined: 24 Feb 2009
Posts: 86
hi all,

I have MQ version 6.0.2.7 on single windows 2003 server.
I'm trying to use sender-rcvr with external vendor (one direction from us to them), i've added the certificate they gave me but still doesn't work.
I'm getting the following error:

Event Type: Error
Event Source: WebSphere MQ
Event Category: None
Event ID: 9633
Date: 10/24/2009
Time: 1:21:28 PM
User: N/A
Computer: ATTRMQV6
Description:
Bad SSL certificate for channel 'XXXXXX'.

A certificate encountered during SSL handshaking is regarded as bad for one of the following reasons: &B (a) it was formatted incorrectly and could not be validated, or &B (b) it was formatted correctly but failed validation against the Certification Authority (CA) root and other certificates held on the local system, or &B (c) it was found in a Certification Revocation List (CRL) on an LDAP server. &B (d) a CRL was specified but the CRL could not be found on the LDAP server. &P The channel is 'XXXXXX'; in some cases its name cannot be determined and so is shown as '????'. The channel did not start.

Check which of the three possible causes applies on your system. Correct the error, and restart the channel.

any ideas?
Back to top
View user's profile Send private message
elikatz
PostPosted: Sat Oct 24, 2009 9:26 am    Post subject: Reply with quote

Voyager

Joined: 24 Feb 2009
Posts: 86
BTW, exact same connection from 5.3 machine works perfect.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Sat Oct 24, 2009 9:33 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
The most likely cause is that you failed to add the signer certificates to the qmgr truststore.
Back to top
View user's profile Send private message
elikatz
PostPosted: Sat Oct 24, 2009 9:54 am    Post subject: Reply with quote

Voyager

Joined: 24 Feb 2009
Posts: 86
is there a different way to add cert not from the IKeyMan UI?

It says it was added successfully and it appears in the list...
Back to top
View user's profile Send private message
jeevan
PostPosted: Sat Oct 24, 2009 12:29 pm    Post subject: Reply with quote

Grand Master

Joined: 12 Nov 2005
Posts: 1432
elikatz wrote:
is there a different way to add cert not from the IKeyMan UI?

It says it was added successfully and it appears in the list...


Yes. U can use CL command

Look at the article annd redbook given below. To me these have been so valuable. U can see both command line as well ikeyman graphical way to do stuff.


http://www.redbooks.ibm.com/redpapers/pdfs/redp4140.pdf

http://www.ibm.com/developerworks/websphere/library/techarticles/0608_vanstone/0608_vanstone.html

As mqjeff said, you might have forgotten to add CA( signer) certificates. Both the redbook and article discussed the steps needed for implementing SSL.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » SSL issue?
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.