| Author |
Message
|
| Yalavarthi |
 Posted: Tue Jun 15, 2004 6:16 am Post subject: MQ5.3 Channel Error-urgent |
 |
|
Newbie
Joined: 15 Jun 2004
Posts: 4
|
Hi,
I am testing the communication between two Queue Managers within single machine using SSL.
I configured one sender channel and reciver channel with both the Queue Managers.
i am able to exchange the data using these channels with out SSL.
For implementing SSL i did the following.
1.i downloaded the demo certificates from www.digsigtrust.com
2.Downloaded two certificates called SSLQM1 and SSLQM2 respectively for QM1 and QM2.
3.i installed both the certificates with both the Queue Managers.
4.I assigned SSLQM1 to QM1 and SSLQM2 to QM2.
5.I configured both the channels to use SSL CipherSpec Standard setting to use RC4_MD5_US.
6. surprisingly the channels are not able to start.
Here are the log file details..
2004-06-13 17:33:44
AMQ9698: An SSL security call failed during SSL handshaking.
---------------------------------------------------------------------------------------
EXPLANATION:
An SSPI call to the Secure Channel (Schannel) SSL provider failed during SSL
handshaking. The failure has caused WebSphere MQ channel name 'Channel1' to be
closed. If the name is '????' then the name is unknown.
ACTION:
Consult the Windows Schannel reference manual to determine the meaning of
status 0x8009030E (No credentials are available in the security package ) for
SSPI call AcquireCredentialsHandle. Correct the failure and if necessary
re-start the channel.
----- amqccisn.c : 2706 -------------------------------------------------------
2004-06-13 17:33:45
AMQ9999: Channel program ended abnormally.
EXPLANATION:
Channel program 'Channel1' ended abnormally.
ACTION:
Look at previous error messages for channel program 'Channel1' in the error
files to determine the cause of the failure.
------------------------------------------------------------------------------------------------
I am able to find the reason from windows (0x8009030E ) manuals
The certificate file is corrupt or invalid.
Can any body suggest me on this, any help is appreciated.
Thanks in advance.
Srini |
|
| Back to top |
|
 |
| vennela |
| Posted: Tue Jun 15, 2004 8:03 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| Quote: |
4.I assigned SSLQM1 to QM1 and SSLQM2 to QM2.
|
I think you need to assign atleast one certificate to both the QMGRs. You can certainly assign both the certs to QM1 and QM2 but you require atleast one cert on BOTH. |
|
| Back to top |
|
|
| Yalavarthi |
| Posted: Tue Jun 15, 2004 9:38 am Post subject: |
|
|
Newbie
Joined: 15 Jun 2004
Posts: 4
|
Yeah i added both certificates to both the Queue Managers stores.
i assigned one certificate out of that.
let me say cer1 to QM1 and cer2 to QM2 |
|
| Back to top |
|
|
| vennela |
| Posted: Tue Jun 15, 2004 9:55 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| Quote: |
| let me say cer1 to QM1 and cer2 to QM2 |
You have to assign
cer1 to QM1 and cer1 to QM2 |
|
| Back to top |
|
|
| Yalavarthi |
| Posted: Tue Jun 15, 2004 10:18 pm Post subject: |
|
|
Newbie
Joined: 15 Jun 2004
Posts: 4
|
QM1 certicate store contains both the certificates cer1 and cer2.
QM2 store contains both the certificates cer1 and cer2.
both the stores contains roor certificate as well.
Yeah i did exactly the same way, assigned cer1 to QM1 and cer2 to QM2.
i don't see any mistake with the configuration, i did as per the MQ Security guide.
I am very new to MQ Series actually i works with Seebeyond(EAI). |
|
| Back to top |
|
|
| jed |
| Posted: Tue Jun 15, 2004 11:05 pm Post subject: |
|
|
Centurion
Joined: 08 Jan 2004
Posts: 118
Location: MI, USA
|
hhhmm..... lets see first.... without SSL, are your channels running?
if they are... then lets move to SSL setup/config.
since you said that you were able to assign the certificates.
then half of your work is done...
my question now is, did you get to extract those certificates and load them to each others' key repository?
its like this....
what you did is....
SSLQM1 goes to QM1
SSLQM2 goes to QM2
now you need to do is...
extract SSLQM1 from QM1 and add to QM2's key repository.
extract SSLQM2 from QM2 and add to QM1's key repository.
that should do the trick.... though, i'm not that familiar with MQ SSL on windows.
_________________
Jed |
|
| Back to top |
|
|
| vennela |
| Posted: Wed Jun 16, 2004 6:13 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| Quote: |
| Yeah i did exactly the same way, assigned cer1 to QM1 and cer2 to QM2. |
No you did not
I am telling you to assign cert1 to both QM1 and QM2 |
|
| Back to top |
|
|
| Yalavarthi |
| Posted: Wed Jun 16, 2004 6:47 am Post subject: |
|
|
Newbie
Joined: 15 Jun 2004
Posts: 4
|
Hi All,
Thanks for you support and help, i resolved all the problems , now i am able to exchange data using SSL between two Queue Managers.
Thanks once again
Srini |
|
| Back to top |
|
|
|
|
