| Author |
Message
|
| MQTrigger |
 Posted: Tue Feb 03, 2004 12:41 am Post subject: 2397 error testing SSL with JAVA on XP client and Unix QM |
 |
|
Apprentice
Joined: 01 Dec 2002
Posts: 39
|
Hi
I get the 2397 error and when trying to connect to the QM using some java code I have. It's telling me that the certificate is unknown. I am only looking to get a 1 way authentication working first, then worry about the 2 way. amqsput/get tests work but the java test is not working. I imported the CA certificate from the queue manager into the default cacert truststore on the client (XP box). I also tried importing the personal certificate but still no luck. I am using keytool to import the certificate into the truststore. Can someone tell me if they have set this up successfully and what I may potentially be doing wrong when importing my certificate?
thanks in advance. |
|
| Back to top |
|
 |
| vennela |
| Posted: Tue Feb 03, 2004 7:29 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
|
| Back to top |
|
|
| MQTrigger |
| Posted: Tue Feb 03, 2004 8:16 am Post subject: Code |
|
|
Apprentice
Joined: 01 Dec 2002
Posts: 39
|
Hi
Yup, that's the code I'm also using. The code works from a Unix client so I know there are no problems with it. I believe it could be a problem with the certificate as indicated in the output on the screen. I import the certificate to the client from the server. On a Unix client, I import both the ibmwebspheremq<qm> and ibmwebspheremq<userid> certs into the cacert trust store and it works successfully. Now I'm trying to accomplish the same on a windows client but it doesn't seem to work... I'll keep trying. Could it be a label issue? If anyone has details ..thanks in advance. |
|
| Back to top |
|
|
| MQTrigger |
| Posted: Thu Feb 05, 2004 11:33 pm Post subject: Solution |
|
|
Apprentice
Joined: 01 Dec 2002
Posts: 39
|
I just wanted to let everyone know I had the wrong classpath and java_home that was pointing to the wrong truststore.
I managed to get it to work.
Although I still am trying to find out why the IBM security redbook speficies that certificates for MQ should have the label names of ibmwebspheremq<qm> and ibmwebspheremq<userid>. It does mention to use lowercase and use these names so that it's distinguishable between other app certificates. Is this the only reason? I performed a test with a different name and it worked so I'm not sure if there was some sort of requirement MQ looks for. thanks |
|
| Back to top |
|
|
| crossland |
| Posted: Mon Mar 15, 2004 8:00 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
Can I confirm that the ibmwebspheremq<userid> only applies to MQ clients and not to java clients running on Windows?
Thanks,
Tim Crossland
http://www.solent-consultancy.com |
|
| Back to top |
|
|
| JasonE |
| Posted: Mon Mar 15, 2004 8:12 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
The certificate label is irrelevant for clients running in Java or running on the windows platform. Only those using GSKit for certificates are impacted by the label name.
On windows there is the concept of assigning a certificate to be used. On unix the assiging is 'implied' by having a specific label. |
|
| Back to top |
|
|
| MQTrigger |
| Posted: Mon Mar 15, 2004 3:12 pm Post subject: Windows Certs |
|
|
Apprentice
Joined: 01 Dec 2002
Posts: 39
|
| Windows uses a numberic handling of certificates. |
|
| Back to top |
|
|
|
|
