| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| [RESOLVED]Unable to setup SSL between client and MQ Qmgr@AIX |
« View previous topic :: View next topic » |
| Author |
Message
|
| shalabh1976 |
 Posted: Fri Jan 20, 2012 4:28 am Post subject: [RESOLVED]Unable to setup SSL between client and MQ Qmgr@AIX |
 |
|
Partisan
Joined: 18 Jul 2002
Posts: 381
Location: Gurgaon, India
|
Environment:
jmsclient: Windows XP
Q Manager: AIX v5.3.0.0
Problem: Unable to setup SSL between client and Q Manager channel
What I did: I used gsk7cmd command to create key repository, self-signed certificate and extract certificate.
following were the commands:
Create key repository
gsk7cmd -keydb -create -db /var/mqm/qmgrs/TEST1/ssl/key.kdb -pw ibm -type cms -stash
Create self-signed certificate
gsk7cmd -cert -create -db /var/mqm/qmgrs/TEST1/ssl/key.kdb -pw ibm -label ibmwebspheremqTEST1 -dn "CN=TEST1, O=IBM, OU=Test, C=GB" -size 1024 -x509version 1
Extract certificate
gsk7cmd -cert -extract -db /var/mqm/qmgrs/TEST1/ssl/key.kdb -pw ibm -label ibmwebspheremqTEST1 -target /var/mqm/qmgrs/TEST1/ssl/cert.der -format binary
Then in the local Windows system using strmqikm, I created a Keystore
and generated the self-signed certificate.
FTPed this certificate in BINARY mode to AIX box
Add Client ertificate
gsk7cmd -cert -add -db /var/mqm/qmgrs/TEST1/ssl/key.kdb -pw ibm -label UNIXSSL -file /var/mqm/qmgrs/TEST1/jmscert.der -format binary
Created a truststore in local Windows system, added the Q manager's certificate in the truststore.
Then I added the ciphersuite as NULL_MD5 at both client and Channel end.
Added the respective SSLPEER.
Error Message:
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
_________________
Shalabh
IBM Cert. WMB V6.0
IBM Cert. MQ V5.3 App. Prog.
IBM Cert. DB2 9 DB Associate
Last edited by shalabh1976 on Fri Jan 20, 2012 6:33 am; edited 1 time in total |
|
| Back to top |
|
 |
| Vitor |
| Posted: Fri Jan 20, 2012 4:42 am Post subject: Re: Unable to setup SSL between client and MQ Q manager on A |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| shalabh1976 wrote: |
Create self-signed certificate
gsk7cmd -cert -create -db /var/mqm/qmgrs/TEST1/ssl/key.kdb -pw ibm -label ibmwebspheremqTEST1 -dn "CN=TEST1, O=IBM, OU=Test, C=GB" -size 1024 -x509version 1 |
Erm...
You might want to review that label name in the light of this:
| Quote: |
| For a queue manager, the format is ibmwebspheremq followed by the name of your queue manager changed to lower case. For example, for QM1, ibmwebspheremqqm1 |
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| shalabh1976 |
| Posted: Fri Jan 20, 2012 6:31 am Post subject: RESOLVED |
|
|
Partisan
Joined: 18 Jul 2002
Posts: 381
Location: Gurgaon, India
|
thx - resolved
_________________
Shalabh
IBM Cert. WMB V6.0
IBM Cert. MQ V5.3 App. Prog.
IBM Cert. DB2 9 DB Associate |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri Jan 20, 2012 6:38 am Post subject: Re: RESOLVED |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| shalabh1976 wrote: |
| thx - resolved |
How did you resolve this? Please share your solution with us.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
