ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Clustering » channels retrying when moving to SSL

Post new topic  Reply to topic
 channels retrying when moving to SSL « View previous topic :: View next topic » 
Author Message
rloos
PostPosted: Mon Oct 15, 2007 4:10 am    Post subject: channels retrying when moving to SSL Reply with quote

Newbie

Joined: 15 Oct 2007
Posts: 2
I'm moving the cluster-channels of a cluster of three full-repo queue managers to SSL.
Migration went smooth with the receiver-channels from QM_1 (stop clus-senders on others, stop clus-receiver, alter clus-receiver, wait a minute, start clus-receiver) with success.

On the second and third, less success: the sender channels from QM1 to QM_2 and QM_3 always retrying with error
Quote:
AMQ9642: "No SSL certificate for channel 'CLUSCH.QM_2' <...> the sender did not suppy a certificate to use during SSL handshake.


However, I can successfully create normal sender and receiver channels between all three queue managers, and they start up correctly.

The SSL settings for clustered channels are
SSLPEER "CN=XXX,O=COMPANY"
SSLCIPH NULL_SHA
SSLAUTH OPTIONAL

I used same settings for the normal channels, however these are defined with SSLAUTH REQUIRED.

Another, maybe related error, is the fact that I can't do a listing on the key repositories (all three) (gsk6cmd -cert -list -db key.kdb returns "key database corrupt"). While these key databases have just been created by other gsk6cmd commands locally on the machine.

Anyone an idea how I can proceed?

MQ v5.3 CSD 09
Platform: All queue mangers on AIX v5.1
Back to top
View user's profile Send private message
rloos
PostPosted: Tue Oct 16, 2007 12:41 am    Post subject: Reply with quote

Newbie

Joined: 15 Oct 2007
Posts: 2
So, a restart of the QM did make it work.

I now remember that on the QM_1, at first there was an incorrect key repository installed which has been corrected afterwards.

My guess is the corrected key repository was used for the newly created "normal" channels, but that for the cluster-channels it still tried to use the old, incorrect key repo.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » Clustering » channels retrying when moving to SSL
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.