| Author |
Message
|
| Alex92584 |
 Posted: Sat Nov 30, 2013 2:27 pm Post subject: SSL intilaization error for MQ Client and MQ Server |
 |
|
Newbie
Joined: 05 Nov 2012
Posts: 6
Location: Malaysia
|
Need experts assistance to debug the errors :
trying to do the testing for the server /client ssl conectivity getting the below error :
Defined the svrconn on TEST QMgr :
AMQ8414: Display Channel details.
CHANNEL(TEST_SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2013-12-01) ALTTIME(04.42.10)
COMPHDR(NONE) COMPMSG(NONE)
DESCR(Server-connection to Client_1) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH(NULL_SHA) SSLPEER(CN=TILAK)
TRPTYPE(TCP)
and doing test for client -server connectivity with secured :
$ export MQSSLKEYR=/var/test/ssl/client
$ export export MQCHLTAB=AMQCLCHL.TAB
$ export MQCHLLIB=/var/mqm
$ ./amqssslc -m TEST_QM -c TEST_SVRCONN -x 'hlixtr158.xxxx.xxxx(1420)'
Sample AMQSSSLC start
Connecting to queue manager TEST_QM
Using the server connection channel TEST_SVRCONN
on connection name hlixtr158.xxxx.xxx(1420).
No SSL configuration specified.
MQCONNX ended with reason code 2393
2393 0x00000959 MQRC_SSL_INITIALIZATION_ERROR
Please help to assist where i need to check this
_________________
Alex K
Malaysia |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Sat Nov 30, 2013 4:22 pm Post subject: Re: SSL intilaization error for MQ Client and MQ Server |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Alex92584 wrote: |
No SSL configuration specified.
MQCONNX ended with reason code 2393
2393 0x00000959 MQRC_SSL_INITIALIZATION_ERROR
|
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| exerk |
| Posted: Sun Dec 01, 2013 2:45 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
If you insist on setting the environment variables rather than using the mqclient.ini file you should at least check you have them set correctly; the obvious error that stands out for me is: $ export export MQCHLTAB=AMQCLCHL.TAB
EDIT: I have locked your other post as it is effectively a duplicate of this one.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Mon Dec 02, 2013 8:22 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
So, you are saying your Key Store is client.kdb at /var/test/ssl/ and you also have a stash file there too.
Don't mix environment variables and amqssslc switches. Just use the switches and you are missing the switch that specifies the cipher spec. Read the manual and follow the instructions. |
|
| Back to top |
|
|
| Alex92584 |
| Posted: Thu Dec 26, 2013 5:05 pm Post subject: |
|
|
Newbie
Joined: 05 Nov 2012
Posts: 6
Location: Malaysia
|
as per suggestion made changes on variables and changed the location to avoid the mixing environment variables and amqssslc switches
export MQSSLKEYR=/var/mqm/test/ssl/client
$export MQCHLTAB=AMQCLCHL.TAB
$ export MQCHLLIB=/var/mqm
$ ./amqssslc -m TEST_QM -c TEST_SVRCONN -x 'hlixtr158.xxxx.xxxx(1420)'
Sample AMQSSSLC start
Connecting to queue manager TEST_QM
Using the server connection channel TEST_SVRCONN
on connection name hlixtr158.xxxx.xxx(1420).
No SSL configuration specified.
MQCONNX ended with reason code 2393
still the same error looking
_________________
Alex K
Malaysia |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Dec 27, 2013 4:48 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Alex92584 wrote: |
| $ ./amqssslc -m TEST_QM -c TEST_SVRCONN -x 'hlixtr158.xxxx.xxxx(1420)' |
OK, muy bad, I've finally got around to looking at what the sample does, and according to the Info Centre:
| Quote: |
| This enables a client MQI application to provide the definition of its client connection channel and SSL/TLS settings at run time without a client channel definition table (CCDT) |
And then goes on to say:
| Quote: |
AMQSSSLC accepts the following parameters, all of which are optional:
-m QmgrName
Name of the queue manager to connect to
-c ChannelName
Name of the channel to use
-x ConnName
Server connection name |
Which implies that the SSL/TLS parameters, or at least one other, are required if you are specifying the -m, -c, and -x parameters. Having done a quick test, specifying 4 (four) parameters on the command line, I got a different error (no OCSP responder, and not surprising in my case) and I'm not going to state which extra parameter I used as that's for you to work out, and it's easy if you stop and think about it.
With only 1 (one) parameter specified on the command line (and again, I'm going to leave you to work out that obvious one) I got a successful connection - but my environment is set up to use the mqclient.ini file, not the trinity of variables. As a blind check, I then set the environment variables, renamed the mqclient.ini file so it couldn't be found, and got exactly the same error you did. Ergo, the conclusion is that the variables are not used by this sample (implied in the Info Centre) but oddly the mqclient.ini file is honoured, and the reason I got a successful connection without an OCSP responder error is because I have OCSP set in my mqclient.ini file.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Dec 27, 2013 10:53 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| Alex92584 wrote: |
as per suggestion made changes on variables and changed the location to avoid the mixing environment variables and amqssslc switches
export MQSSLKEYR=/var/mqm/test/ssl/client
$export MQCHLTAB=AMQCLCHL.TAB
$ export MQCHLLIB=/var/mqm
$ ./amqssslc -m TEST_QM -c TEST_SVRCONN -x 'hlixtr158.xxxx.xxxx(1420)'
Sample AMQSSSLC start
Connecting to queue manager TEST_QM
Using the server connection channel TEST_SVRCONN
on connection name hlixtr158.xxxx.xxx(1420).
No SSL configuration specified.
MQCONNX ended with reason code 2393
still the same error looking |
No you did not!
see here you have your environment variables...
| Code: |
export MQSSLKEYR=/var/mqm/test/ssl/client
$export MQCHLTAB=AMQCLCHL.TAB
$ export MQCHLLIB=/var/mqm |
and here you run your program, completely bypassing the channel table
| Code: |
| $ ./amqssslc -m TEST_QM -c TEST_SVRCONN -x 'hlixtr158.xxxx.xxxx(1420)' |
So why oh why do you expect any result different from the one you are seeing?? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Alex92584 |
| Posted: Fri Jan 03, 2014 2:39 am Post subject: |
|
|
Newbie
Joined: 05 Nov 2012
Posts: 6
Location: Malaysia
|
What need to be done for this .., where i need to correct mydelf am clue less
_________________
Alex K
Malaysia |
|
| Back to top |
|
|
| exerk |
| Posted: Fri Jan 03, 2014 2:52 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Alex92584 wrote: |
| What need to be done for this .., where i need to correct mydelf am clue less |
All the information has been given to you in previous posts by myself and fjb_saper - please read them more carefully, and most especially the last paragraph of my previous post.
You will benefit more from doing so, and experimenting, than you will by being given the exact and explicit answer - which is already there in previous posts.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
