ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » SSL problem running a sysplex

Post new topic  Reply to topic
 SSL problem running a sysplex « View previous topic :: View next topic » 
Author Message
griffel
PostPosted: Tue Mar 22, 2005 7:14 am    Post subject: SSL problem running a sysplex Reply with quote

Novice

Joined: 22 Mar 2005
Posts: 23
Our configuration:

WebSphere MQ 5.3 CSD9 for Windows (here 2000) as a Java JMS client to connect to a queue manager running as WebSphere MQ 5.3.1 on z/OS via SVRCONN-channels.

Channels are secured by SSL-authentication (bidirectional).

Clients connect to a QM named MT03 on the host. Everything fine.

Clients do not connect to a pair of QMs named MT02 (physically
MT2A and MT2B) running as sysplex. Same SSL configuration
(peers, truststores, keystores, etc.). The MT02 QMs share a
keyring MT02KR which is connected to the QMs master adress spaces's
userid MT02MQ.

It might be a syplex group name issue?

Any pointers, ideas, help or share of experience are welcome.
Back to top
View user's profile Send private message
griffel
PostPosted: Tue Mar 22, 2005 11:21 pm    Post subject: Reply with quote

Novice

Joined: 22 Mar 2005
Posts: 23
Sorry, "QMs master adress spaces's " is a typo.
Of course, it should run: "QMs channel initiator adress spaces's".

Some more detail: javax.net.debug tells me:

WRITE: SSLv2 client hello message, length = 44main, received EOFException: errormain, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshakemain
Back to top
View user's profile Send private message
griffel
PostPosted: Tue Mar 29, 2005 3:55 am    Post subject: Reply with quote

Novice

Joined: 22 Mar 2005
Posts: 23
Forgot some server side details:

Syslog entry tells me: GSKSecureSockInit error with return code 12.
The manuals translate this into "Key label not found", which is a nice idea, but we think we've chosen correct names to label the certificates in the QM's keyring.
We used label "ibmWebSphereMQMT02" and, just in case, we also
tried "ibmWebSphereMQMT2A".
Back to top
View user's profile Send private message
griffel
PostPosted: Mon Apr 11, 2005 5:35 am    Post subject: SOLVED Reply with quote

Novice

Joined: 22 Mar 2005
Posts: 23
Was a problem with a broken CA certificate. No MQ problem at all.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » SSL problem running a sysplex
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.