ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » MQ SSL error -18

Post new topic  Reply to topic
 MQ SSL error -18 « View previous topic :: View next topic » 
Author Message
pbmsmit
PostPosted: Thu Nov 20, 2003 9:56 am    Post subject: MQ SSL error -18 Reply with quote

Apprentice

Joined: 11 Jul 2003
Posts: 42
Location: Chicago
We are trying to use MQ SSL for channels between two OS/390 MQmanagers. We are getting these errormessages:

On the MQ9T log...
CSQX620E MQ9T CSQXRESP SYSTEM SSL ERROR
CHANNEL ????
FUNCTION 'gsk_secure_soc_init' RC= -18

On the MQ1T log...
CSQX633E MQ1T CSQXRESP SSL CERTIFICATE FOR REMOTE CHANNEL ???? FAILED LOCAL CHECK

-18 means cannot verify selfsigned certificate in keyring. both certificates are connected to the keyring (we are using TopSecret not RACF)
_________________
Peter Smit
LaSalle Bank Corporation, member of ABN AMRO NV Group
Back to top
View user's profile Send private message
pcantin
PostPosted: Thu Nov 20, 2003 12:18 pm    Post subject: Reply with quote

Novice

Joined: 16 Apr 2002
Posts: 15
Location: Québec/Canada
Do you have export/import the certificate to each other ?
We are testing the SSL actually with z/OS and unix.
We get the same error message but we have export certificate just in one qmgr (on unix). We have not succesfully import the certificate of the unix qmgr in the keyring of the qmgr on z/OS.

We have successfully implemented SSL on two unix qmgrs but we are trying to implementing it between z/OS and unix.
Back to top
View user's profile Send private message MSN Messenger
pbmsmit
PostPosted: Thu Nov 20, 2003 12:30 pm    Post subject: MQ SSL RC -18 Reply with quote

Apprentice

Joined: 11 Jul 2003
Posts: 42
Location: Chicago
Yes, we exported/imported the certificates both ways (but we'll check again).
This is the AA1T Key Ring info
----------- SEGMENT RINGDATA
KEYRING = MQ1TRING ACCESSORID = MQ1TCHIN
ADMIN BY= BY(EJGRAY0 ) SMFID(CSYS) ON(10/30/03) AT(14:27:3
KEYRING LABEL = MQ1TRING
KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED:
ACID(MQ1TCHIN) DIGICERT(mq1tc001) DEFAULT(YES) USAGE(PERSONAL)
LABLCERT(ibmWebSphereMQMQ1T )
ACID(MQ2TCHIN) DIGICERT(mq2tc001) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(ibmWebSphereMQMQ2T )
ACID(MQ9TCHIN) DIGICERT(mq9tc001) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(ibmWebSphereMQMQ9T )

This is the TSTA Key Ring Info
----------- SEGMENT RINGDATA
KEYRING = MQ9TRING ACCESSORID = MQ9TCHIN
ADMIN BY= BY(EJGRAY0 ) SMFID(TSTA) ON(10/30/03) AT(14:26:39)
KEYRING LABEL = MQ9TRING
KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED:
ACID(MQ9TCHIN) DIGICERT(mq9tc001) DEFAULT(YES) USAGE(PERSONAL)
LABLCERT(ibmWebSphereMQMQ9T )
ACID(MQ1TCHIN) DIGICERT(mq1tc001) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(ibmWebSphereMQMQ1T )
ACID(MQ2TCHIN) DIGICERT(mq2tc001) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(ibmWebSphereMQMQ2T )

We have the same error on a Unix-W2000 connection (Unix to W2000 is working, W2000 to Unix also -1.

Looks like the certificate is not correct.
_________________
Peter Smit
LaSalle Bank Corporation, member of ABN AMRO NV Group
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » MQ SSL error -18
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.