SSL Errors with CSD11's gsk6bas (version 6.0.5.43/6.0.5.45)
shiva_kinnu
Posted: Tue Dec 20, 2005 4:55 am

Newbie

Joined: 20 Dec 2005
Posts: 2

Hi,
Recently I applied CSD11 & gsk6bas (version 6.0.5.43/6.0.5.45) on one of our Solaris machines. Since then I have been getting the following errors.

When we configure SSL with SVRCONN channels, we are getting MQRC
2393(SSL INITIALIZATION ERROR) for our client applications.

The channel definition looks as shown below:
----------------------------------------------
CHANNEL(SRINI.SVRCONN) CHLTYPE(SVRCONN)
TRPTYPE(TCP) DESCR(EMB Advanced Defaults)
SCYEXIT() MAXMSGL(4194304)
SCYDATA( ) HBINT(300)
SSLCIPH(NULL_SHA) SSLCAUTH(REQUIRED)
KAINT(AUTO) MCAUSER( )
ALTDATE(2005-12-20) ALTTIME(02.43.1
SSLPEER()
SENDEXIT( )
RCVEXIT( )
SENDDATA( )
RCVDATA( )

General Error Log Snippet When SSLCAUTH is set to REQUIRED:
------------------------------------------------------------------------------------

----- amqccita.c : 973--------------------------------------------------------
12/20/05 02:25:59
AMQ9642: No SSL certificate for channel 'SRINI.SVRCONN'.
EXPLANATION:
The channel 'SRINI.SVRCONN' did not supply a certificate to use during SSL
handshaking, but a certificate is required by the remote queue manager. The
channel did not start.
ACTION:
Ensure that the key repository of the local queue manager or MQ client contains
an SSL certificate which is associated with the queue manager or client.
Alternatively, if appropriate, change the remote channel definition so that its
SSLCAUTH attribute is set to OPTIONAL and it has no SSLPEER value set.
----- amqrfpta.c : 334--------------------------------------------------------

Qmgr Error Log Snippet, When SSLCAUTH is set to REQUIRED with/without
security exit:
----------------------------------------------------------------------
----- amqrmrsa.c : 467--------------------------------------------------------
12/20/05 02:26:55
AMQ9637: Channel is lacking a certificate.
EXPLANATION:
The channel is lacking a certificate to use for the SSL handshake. The channel
name is 'SRINI.SVRCONN' (if '????' it is unknown at this stage in the SSL
processing). The channel did not start.
ACTION:
Make sure the appropriate certificates are correctly configured in the key
repositories for both ends of the channel.
----- amqccisx.c : 3154-------------------------------------------------------
12/20/05 02:26:55
AMQ9999: Channel program ended abnormally.
EXPLANATION:
Channel program 'SRINI.SVRCONN' ended abnormally.
ACTION:
Look at previous error messages for channel program 'SRINI.SVRCONN' in the
error files to determine the cause of the failure.



Everything was working fine with CSD8 (gsk6bas version 6.0.4.37).
I checked the release notes of CSD11, but could not make out anything from them.

Can someone let me know what might have gone wrong while/after upgrading to CSD11?
Thanks for the help.
shiva_kinnu.
JonB
Posted: Thu Dec 22, 2005 3:05 am

Apprentice

Joined: 14 Nov 2002
Posts: 27
Location: Dublin, Ireland

Have a check that the label field is set correctly on your SSL certificate. It was documented that the SSL label must be in the format of ibmwebspheremquserid for a client connection. This appeared not to be the case for 5.3.08.

It is now working as documented. It may be a place to start.
_________________
Jon Barry
IBM Certified System Administrator - WebSphere MQ V5.3
IBM Certified Solution Designer - WebSphere MQ V5.3
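
Added example (not part of the thread and not IBM code): a shell check for the label mismatch described in the reply above. It assumes the key repository's certificate labels are supplied one per line on stdin, that label comparison is exact (case-sensitive), and that the user ID part is lower case; the function names and the sample labels are hypothetical.

```shell
#!/bin/sh
# Added example: compare key repository labels with the label an MQ client
# is expected to use (ibmwebspheremq + logon user ID, lower case; assumption).

# Build the label the client will look for, given a logon user ID.
expected_label() {
    printf 'ibmwebspheremq%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Read labels (one per line) on stdin and classify the result for user $1.
# Prints one of: match | case-mismatch:<label> | missing
check_label() {
    want=$(expected_label "$1")
    result=missing
    while IFS= read -r label; do
        # Trim surrounding whitespace that listing output often carries.
        label=$(printf '%s' "$label" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$label" ] && continue
        if [ "$label" = "$want" ]; then
            result=match
            break
        fi
        # Same characters but different case: the certificate exists,
        # yet an exact-match lookup would not select it.
        lower=$(printf '%s' "$label" | tr '[:upper:]' '[:lower:]')
        if [ "$lower" = "$want" ]; then
            result="case-mismatch:$label"
        fi
    done
    printf '%s\n' "$result"
}

# Constructed sample label list (not captured from a real key database).
sample_labels() {
    cat <<'EOF'
    Example Root CA
    ibmwebspheremqAppUser
    ibmwebspheremqqm1
EOF
}

sample_labels | check_label AppUser    # certificate present, wrong case
sample_labels | check_label batchsvc   # no certificate for this user
```

A result other than `match` corresponds to the situation in which the queue manager reports AMQ9637 and the client side reports AMQ9642 when SSLCAUTH(REQUIRED) is set.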
shiva_kinnu
Posted: Thu Dec 22, 2005 5:14 am

Newbie

Joined: 20 Dec 2005
Posts: 2

Thanks a lot, Jon.
Your suggestion worked great. Actually there was a mismatch in the label. Now we are able to make the client connection to the queue manager using the SERVERCONN channel.
Thanks for the help.
Shiva_kinnu