| Author |
Message
|
| krish_blore |
 Posted: Wed Jan 19, 2011 9:05 am Post subject: 2393-MQRC _SSL_INITIALIZATION_ERROR |
 |
|
Novice
Joined: 29 Nov 2010
Posts: 19
|
AMQ8414: Display Channel details.
CHANNEL(CHANNEL2) CHLTYPE(SVRCONN)
ALTDATE(2011-01-19) ALTTIME(21.00.01)
COMPHDR(NONE) COMPMSG(NONE)
DESCR( ) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER(mqm) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH(TRIPLE_DES_SHA_US) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(CHANNEL2) CHLTYPE(CLNTCONN)
AFFINITY(PREFERRED) ALTDATE(2011-01-19)
ALTTIME(21.00.3 CLNTWGHT(0)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(127.0.0.1(9005)) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME( ) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCIPH(TRIPLE_DES_SHA_US) SSLPEER( )
TPNAME( ) TRPTYPE(TCP)
USERID( )
I have written client program to put message, without ssl it works fine..same program i had added below ,
strncpy(mysco.KeyRepository, "/home/kicha/QM2/client/qm2clientkey",MQ_SSL_KEY_REPOSITORY_LENGTH);
/** Specify CipherSpec */
connect_options.SSLConfigPtr = &mysco;
strncpy(mycd.SSLCipherSpec,"TRIPLE_DES_SHA_US",sizeof(mycd.SSLCipherSpec));
when i execute the same i am getting
2393 0x00000959 MQRC_SSL_INITIALIZATION_ERROR
In the AMQERR01 log,
Wednesday 19 January 2011 09:34:50 IST - Process(4103.1) User(kicha) Program(clientp)
Host(kicha-laptop)
AMQ9641: Remote CipherSpec error for channel 'CHANNEL2'.
EXPLANATION:
The remote end of channel 'CHANNEL2' has had a CipherSpec error. The channel
did not start.
ACTION:
Review the error logs on the remote system to discover the problem with the
CipherSpec.
----- cmqxrfpt.c : 457 --------------------------------------------------------
root@kicha-laptop:/var/mqm/errors#
please help me to resolve this.
Thanks for your time,
Kris |
|
| Back to top |
|
 |
| krish_blore |
| Posted: Wed Jan 19, 2011 9:28 am Post subject: |
|
|
Novice
Joined: 29 Nov 2010
Posts: 19
|
I had followed the below step to create queue manager key and client key..
Creating a key repository for the queue manager(QM2):
------------------------------------------------
gsk7cmd -keydb -create -db qm2key.kdb -type cms -expire 100 -stash
Creating a self-signed certificate:(CA-certificate)
-----------------------------------
gsk7cmd -cert -create -db qm2key.kdb -pw password -label ibmwebspheremqqm2 -dn "CN=FIS" -size 1024 -x509version 3 -expire 100
extract the CA certificate fro the queue manager:
------------------------------------------------
gsk7cmd -cert -extract -db qm2.kdb -pw password -label ibmwebspheremqqm2 -target qm2.arm -format ascii
Installing the CA part in the client's key repository:
------------------------------------------------------
This task consists of the following steps, executed on the client machine (again,this can be the same as the queue manager machine):
Create a key repository for the client(use different directory for creating clientkey)
--------------------------------------
gsk7cmd -keydb -create -db qm2clientkey.kdb -type cms -expire 100 -stash
Add CA certificate to client key database:
------------------------------------------
gsk7cmd -cert -add -db qm2clientkey.kdb -pw krishna1 -label ibmwebspheremqqm2 -file qm2.arm -format ascii
Thanks for your time,
Kris |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Jan 19, 2011 10:59 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Why are you doing this?
| Code: |
strncpy(mysco.KeyRepository, "/home/kicha/QM2/client/qm2clientkey",MQ_SSL_KEY_REPOSITORY_LENGTH);
/** Specify CipherSpec */
connect_options.SSLConfigPtr = &mysco;
strncpy(mycd.SSLCipherSpec,"TRIPLE_DES_SHA_US",sizeof(mycd.SSLCipherSpec)); |
Why are you not relying on the mqclient.ini file, or variables?
And the error couldn't be any clearer: "...The remote end of channel 'CHANNEL2' has had a CipherSpec error..."
This wheel has already been invented for you...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| krish_blore |
| Posted: Wed Jan 19, 2011 11:09 pm Post subject: |
|
|
Novice
Joined: 29 Nov 2010
Posts: 19
|
Thanks for your reply.
As per my requirement I have to use MQSCO structure.
I have taken sample ssl/tls program(amqsslc) and tried to execute, it is establishing the connection,
http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=/com.ibm.mq.csqzaf.doc/cs13350_.htm
-----------------------------------------------------------------------------------------------------
$ ./amqssslc -c CHANNEL2 -x '127.0.0.1(9005)' -k /home/kicha/QM2/client/qm2clientkey -s TRIPLE_DES_SHA_US
Sample AMQSSSLC start
Connecting to the default queue manager
Using the server connection channel CHANNEL2
on connection name 127.0.0.1(9005).
Using SSL CipherSpec TRIPLE_DES_SHA_US
Using SSL key repository stem /home/kicha/QM2/client/qm2clientkey
No OCSP configuration specified.
Connection established to queue manager QM2
Sample AMQSSSLC end
same thing i am doing using code, it gives the error. correct me if i am missing anything.
kris |
|
| Back to top |
|
|
| krish_blore |
| Posted: Wed Jan 19, 2011 11:43 pm Post subject: |
|
|
Novice
Joined: 29 Nov 2010
Posts: 19
|
oops...i have not defined MQCD_VERSION..
It worked..
Thanks for your time,
Kris |
|
| Back to top |
|
|
| asrajesh |
| Posted: Tue May 14, 2013 6:21 am Post subject: |
|
|
Novice
Joined: 19 Jan 2013
Posts: 20
|
I do face a similar problem. When I run amqssslc is working fine. Where as when I take the source code, complile and run, it throws MQRC 2012 ( MQRC_ENVIRONMENT_ERROR). Not clear on which environment variable to set. I am working on HP-UX and used the following command to compile.
cc amqssslc.c -o mqsslput /opt/mqm/lib/libmqic.so.
Can some one assist us.
With regards,
Rajesh. |
|
| Back to top |
|
|
| zpat |
| Posted: Tue May 14, 2013 7:15 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Environment Error does not mean there is a problem with an environment variable.
It's more to do with libraries and such like. |
|
| Back to top |
|
|
| asrajesh |
| Posted: Tue May 14, 2013 7:36 am Post subject: |
|
|
Novice
Joined: 19 Jan 2013
Posts: 20
|
Thanks Zpat,.. Can you please explain in detail about the libraries which should be used
Regards
Rajesh |
|
| Back to top |
|
|
| hughson |
| Posted: Tue May 14, 2013 7:59 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
Reading the description of MQRC_ENVIRONMENT_ERROR (2012) will be enlightening for you.
I suspect the first suggestion is likely to be your error:-- The application is linked to the wrong libraries (threaded or nonthreaded).
although I do not know everything about your environment so it might be one of the others.
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| asrajesh |
| Posted: Tue May 14, 2013 9:54 pm Post subject: |
|
|
Novice
Joined: 19 Jan 2013
Posts: 20
|
Thanks Hughson .. we changed the library as libmqm.so & the compilation script used
cc amqssslc.c -o mqsslput /opt/mqm/lib/libmqm.so
It worked.. Thank you so much...
Regards
S. Rajesh |
|
| Back to top |
|
|
| hughson |
| Posted: Wed May 22, 2013 12:51 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
Hi Rajesh,
I think i must be confused about what you are trying to achieve with this application. I assumed when you said you wanted to use the MQSCO structure on MQCONNX that it was because you wanted to use SSL on a client connection into the queue manager.
You were originally compiling the program like this:-
| asrajesh wrote: |
| cc amqssslc.c -o mqsslput /opt/mqm/lib/libmqic.so |
and getting the return code MQRC_ENVIRONMENT_ERROR when you ran it. We suggested you might be using the wrong threading.
Now you compile the program like this:-
| asrajesh wrote: |
| cc amqssslc.c -o mqsslput /opt/mqm/lib/libmqm.so |
which means you are using local bindings to connect to the queue manager instead of a client connection. This also means that SSL won't be used and the MQSCO structure passed in on the MQCONNX will be ignored.
Is this really what you wanted? Is your program really working? Sure, it is no longer giving you the error you had previously, but you're not even attempting to connect over the network. Is that what you want?
Cheers
Morag
P.S. Apologies for the delay before responding, I was OOO for a few days
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| asrajesh |
| Posted: Sat May 25, 2013 12:27 am Post subject: |
|
|
Novice
Joined: 19 Jan 2013
Posts: 20
|
Hi Morag,
Yes .. you are correct. we wanted to use MQSCO structre in MQCONNX to use SSL (through client connection channel) to connect to the queue manager.
After compiling the program using
| Code: |
| cc amqssslc.c -o mqsslput /opt/mqm/lib/libmqm.so |
I exectuted the program using
| Code: |
| mqsslput -m TUXI -c SSL.CLIENTS -x "web1dev(1195)" -k /anbtux/cbs/ssltst/key -s TRIPLE_DES_SHA_US -o http://dummy.OCSP.responder |
, I got the output as
| Code: |
Sample AMQSSSLC start
Connecting to queue manager TUXI
Using the server connection channel SSL.CLIENTS
on connection name web1dev(1195).
Using SSL CipherSpec TRIPLE_DES_SHA_US
Using SSL key repository stem /anbtux/cbs/ssltst/key
Using OCSP responder URL http://dummy.OCSP.responder
Connection established to queue manager TUXI
Sample AMQSSSLC end
|
I thought it was using the client connection channel and SSL only. But, after seeing your post, I too started suspected the program. I exected the same program from the different machine to connect to this QM (which is on different box).
It throwed me an error 2058 (MQRC_Q_MGR_NAME_ERROR).
Please help me to resolve this issue.
Thanks
Regards
S. Rajesh |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun May 26, 2013 6:12 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Your change of library had nothing to do with the threading model. You just changed the client connection library for a server connection library as in evidenced with your reason code of 2058 wrong qmgr name.
The change in threading model is usually shown by slightly changing the name of the library like in mylib.so vs mylib_r.so.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
