MQSeries.net :: View topic

ivanachukapawn · Posted: Sat Mar 18, 2006 1:57 pm Post subject:

I very carefully followed the instructions (provided by the wizard, i.e. wmqsslwizard.jar in MO04) and configured a SVRCONN for SSL. The basic architecture of this endeavor is as follows:

Java Client on Windows XP
Queue Manager on Solaris
MQ6.0 with refresh pack 6.0.1.0 in both environments.

I told the wizard that I did not want client certification checking.

I ended up creating a Java Key Store on my Java Client, and a Keystore on the Queue Manager (type cms with kds suffix).

I created a certificate on the Solaris side, extracted it, and added it to the Java Key Store (client side), refreshed the security, and tested.

My Java Client gets a 2397.

When this failed, I got suspicious about my server side Queue Manager name which is QM.ATRADE_AP24_B

I mean, the underscores look like they might be a problem, because the certificate labelling convention ("ibmwebspheremq" + queuemanager name in lower case) is somehow used in matching certificates - also, this PEERNAME and DN mess is quite confusing. I don't know how its supposed to work.

Because of the suspicion referred to above, I created a test Queue Manager with a single character name (B), and when through the whole SSL configuration exercise again. When that was completed, I targeted my Java Client to the B Queue Manager and it got a connection on the SSL Encrypted SVRCONN channel.

This seems to corroborate my suspicion about the Queue Manager name with the underscores.

Anybody have any ideas as to how I can successfully configure SSL enabled SVRCONN channels on Queue Manager QM.AFAPT_AP24_B ?