| Author |
Message
|
| pfarrel |
 Posted: Thu Dec 01, 2011 10:21 am Post subject: SSL Connection with MQ/Explorer |
 |
|
Centurion
Joined: 16 Mar 2004
Posts: 120
Location: Kansas City
|
I have set up an SSL connection from an MQ client on windows to an MQ queue manager on AIX. I used the MO04 support pack, and I was able to complete all the tasks and get the sample program working.
Now I'm ready to move on and connect with MQ/Explorer using the same SSL SVRCONN channel. I am having problems making that work.
Currently I am getting this message at the queue manager end:
AMQ9639: Remote channel 'SSL.SVRCONN' did not specify a CipherSpec.
I'm assuming that I did not specify the parameters correctly in MQ/Explorer.
I have set both the "Trusted Certificate Store" and the "Personal Certificate Store" to point to the certificate repository on the windows system, which is:
C:\akey\key.kdb
I also set the "SSL CipherSpec" to DES_SHA_EXPORT, which is what I have set on SVRCONN channel on the server side.
Should I be putting the certificate names somewhere ?
I have ibmwebspheremq<qmname> on the server and ibmwebspheremq<userid> on the client side.
Anything else I may have forgotten ? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Thu Dec 01, 2011 10:35 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
see the bottom half of this page.
Notice that little bitty ".jks". |
|
| Back to top |
|
|
| pfarrel |
| Posted: Mon Dec 05, 2011 2:48 am Post subject: |
|
|
Centurion
Joined: 16 Mar 2004
Posts: 120
Location: Kansas City
|
Thanks for the response. I had created a key.kdb on my windows system. I now have both a key.kdb and a key.jks. MQ/Explorer now works. I followed most of the instruction in your link, but there is one part I didn't do, and MQ/Explorer seems to work without it.
I didn't create a client channel definition ( and therefore didn't copy it to my windows system ). What does that do exactly, and why does MQ /Explorer work with out that step ? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Dec 05, 2011 12:38 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| pfarrel wrote: |
Thanks for the response. I had created a key.kdb on my windows system. I now have both a key.kdb and a key.jks. MQ/Explorer now works. I followed most of the instruction in your link, but there is one part I didn't do, and MQ/Explorer seems to work without it.
I didn't create a client channel definition ( and therefore didn't copy it to my windows system ). What does that do exactly, and why does MQ /Explorer work with out that step ? |
You want to  client manual in the infocenter  and it will answer your question. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Dec 05, 2011 1:29 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| pfarrel wrote: |
| ...why does MQ /Explorer work with out that step ? |
Does your SVRCONN definition specify SSLCAUTH(REQUIRED) or SSLCAUTH(OPTIONAL)?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| pfarrel |
| Posted: Tue Dec 06, 2011 4:04 am Post subject: |
|
|
Centurion
Joined: 16 Mar 2004
Posts: 120
Location: Kansas City
|
| I have SSLCAUTH(REQUIRED). |
|
| Back to top |
|
|
|
|
