ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » MQClient SSL greater than 12 character username.

Post new topic  Reply to topic
 MQClient SSL greater than 12 character username. « View previous topic :: View next topic » 
Author Message
iceage
PostPosted: Wed Feb 18, 2015 12:42 pm    Post subject: MQClient SSL greater than 12 character username. Reply with quote

Acolyte

Joined: 12 Apr 2006
Posts: 68
Does anybody encountered an issue with MQClient when the application userid is greater than 12 characters ? How is certificate looked up ?

I have set personal certificate as default certificate using (runmqckm -setdefault) , still i encounter error message
Quote:
AMQ9642: No SSL certificate for channel
when SSCAUTH turned on and no ssl issues when SSLCAUTH being OPTIONAL.

MQ version 7.0.1.11

Thanks
Back to top
View user's profile Send private message
hughson
PostPosted: Thu Feb 19, 2015 3:20 am    Post subject: Re: MQClient SSL greater than 12 character username. Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
iceage wrote:
with MQClient when the application userid is greater than 12 characters ? How is certificate looked up ?

Assuming that you are on UNIX or Linux, this passage in KC is enlightening:-
Quote:
UNIX and Linux platforms generally restrict the length of a user ID to 12 characters. AIX® Version 5.3 has raised this limit but WebSphere MQ continues to observe a 12 character restriction on all UNIX and Linux platforms. If you use a user ID of greater than 12 characters, WebSphere MQ replaces it with the value UNKNOWN.

(see Authority to administer WebSphere MQ on UNIX, Linux, and Windows systems)

Therefore, the user ID used to form the string 'ibmwebspheremq<logged-on-user-id>' which is the label used to locate the client certificate in the KDB file becomes 'ibmwebspheremqunknown'.

If you take trace of MQ with your problem and then grep for the string ibmwebspheremq, you will see the label that was generated to see if this is indeed your issue.

Suggest the following possibilites:-
  • Stick to user IDs that stay within 12 character limit.
  • Download a V8 client and use the Certificate Label feature.
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » MQClient SSL greater than 12 character username.
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.