| Author |
Message
|
| oopz4u |
 Posted: Sun Feb 21, 2010 9:40 pm Post subject: SSL between WMQ and WAS |
 |
|
Newbie
Joined: 21 Feb 2010
Posts: 2
|
Hi Freinds...
Im a newbie to WebShpere MQ, for SSL testing (securing communication between WAS and WMQ), I have created a channel "SSL.SVRCONN" and made a listener "SSL.SVRCONN_LISTENER" and assigned port 9999, (listner is running, but the channel is showing inactive)
My doubt is how to make the channel listen to port 9999... becoz the application on WAS is not able to connect to the Queue Manager.. it is giving following error
"Error 500:com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'qm_example' with connection mode 'Client' and host name 'mypc'. Check the queue manager is started and if running in client mode, check there is a listener running."
Before implementing SSL, communication between WAS and WMQ was successfull and that time i was using SYSTEM.DEF.SVRCONN as channel and default port 1414
Looking forward for ur replies..
Regards
Win Najeem |
|
| Back to top |
|
 |
| Vitor |
| Posted: Sun Feb 21, 2010 10:48 pm Post subject: Re: SSL between WMQ and WAS |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| oopz4u wrote: |
| My doubt is how to make the channel listen to port 9999... |
Channels don't listen, queue managers listen.
| oopz4u wrote: |
the application on WAS is not able to connect to the Queue Manager.. it is giving following error
"Error 500:com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'qm_example' with connection mode 'Client' and host name 'mypc'. Check the queue manager is started and if running in client mode, check there is a listener running." |
Sounds like your configuration is at fault, or something's blocking that port.
| oopz4u wrote: |
| Before implementing SSL, communication between WAS and WMQ was successfull and that time i was using SYSTEM.DEF.SVRCONN as channel and default port 1414 |
Well in a secure system you wouldn't use the well known default port and you should never use the default objects.
But having said that you should get the connection working on SSL.SVRCONN using a listener on whatever port you fancy using, then add SSL to that channel. Because SSL is a channel characteristic not a port one.
The documentation has details on all of this.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Mon Feb 22, 2010 2:21 am Post subject: Re: SSL between WMQ and WAS |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| oopz4u wrote: |
| ...Im a newbie to WebShpere MQ, for SSL testing (securing communication between WAS and WMQ).... |
Well... welcome first of...
| oopz4u wrote: |
I have created a channel "SSL.SVRCONN" and made a listener "SSL.SVRCONN_LISTENER" and assigned port 9999, (listner is running, but the channel is showing inactive) |
True, pls have a look at the disconnect interval and heartbeat interval.
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzae.doc/ic11690_.htm
| oopz4u wrote: |
| ..My doubt is how to make the channel listen to port 9999... |
Vitor has rightly given the answer for that.
| oopz4u wrote: |
...becoz the application on WAS is not able to connect to the Queue Manager.. it is giving following error...
"Error 500:com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'qm_example' with connection mode 'Client' and host name 'mypc'. Check the queue manager is started and if running in client mode, check there is a listener running."
|
well... JMS seems to perform MQOPEN but websphere MQ Reported an error on that. Could you please provide the linked exception to determine the cause of the error. ( as you said.. you were trying to implement the ssl on channel.. so first of all.. check the settings at the client/application side and mq server side.)
| Vitor wrote: |
| The documentation has details on all of this. |
Agree !
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| oopz4u |
| Posted: Mon Feb 22, 2010 5:37 am Post subject: |
|
|
Newbie
Joined: 21 Feb 2010
Posts: 2
|
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Feb 22, 2010 6:23 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Which is all fine but does assume a knowledge of WMQ. It certainly doesn't cover channels in detail, makes no mention of listeners and doesn't claim that channels have specific port numbers. That's why, in the pre-requisites section at the top, it calls for a basic knowledge of such things.
Review the WMQ documentation, get a grounding in the product and then try stuff in the technical articles.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Mon Feb 22, 2010 6:30 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
Have you tried implementation using .jks file ?
Have you used 'Transport type' other then 'Client' ?
Have you managed to see the queue manager error log ?
Have you able to fetch 'Linked Exception' of your error ?
I tried using 'TRIPLE_DES_SHA_US' SSLCipherSpec and with unchecked 'Accept the certificate with Distinguished Names Matching values', Have you ?
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Feb 22, 2010 7:23 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
PM (I think it's working now) as I have something that may help...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Mon Feb 22, 2010 7:55 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| exerk wrote: |
| PM (I think it's working now)... |
Oops  not for me atleast !
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
|
|
