| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| An SSL certificate received from the remote system was not |
« View previous topic :: View next topic » |
| Author |
Message
|
| rsinha |
 Posted: Fri Nov 07, 2014 3:59 pm Post subject: An SSL certificate received from the remote system was not |
 |
|
Apprentice
Joined: 29 Aug 2003
Posts: 42
|
Hi,
We are on version MQ 5.3 and am using SSL on channels with our trading partner. The channels were working fine until the trading partner renewed their SSL cert. This new cert has the same root CA but a different intermediate CA. Therefore, we imported their new intermediate cert on our side in MQ key repository and bounced MQ. Since then both our send and receive channels are failing with following error -
An SSL certificate received from the remote system was not corrupt but failed validation checks on something other than its ASN fields and date. It is possible that the certificate Subject DN is more than 1024 characters long or contains unsupported duplicate attribute values.
But our trading partner is saying that their Subject DN is fine. They have recently upgraded to MQ 7.1.
Is it possible that it may be caused by some incompatibility betweeb MQ 5.3 and 7.1? |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Fri Nov 07, 2014 7:42 pm Post subject: Re: An SSL certificate received from the remote system was n |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| rsinha wrote: |
Hi,
We are on version MQ 5.3 and am using SSL on channels with our trading partner. The channels were working fine until the trading partner renewed their SSL cert. This new cert has the same root CA but a different intermediate CA. Therefore, we imported their new intermediate cert on our side in MQ key repository and bounced MQ. Since then both our send and receive channels are failing with following error -
An SSL certificate received from the remote system was not corrupt but failed validation checks on something other than its ASN fields and date. It is possible that the certificate Subject DN is more than 1024 characters long or contains unsupported duplicate attribute values.
But our trading partner is saying that their Subject DN is fine. They have recently upgraded to MQ 7.1.
Is it possible that it may be caused by some incompatibility betweeb MQ 5.3 and 7.1? |
Sure ... you're on an unsupported version. Just think if they created their certs with a key size > 2048 you will have problems... Things in SSL have changed quite a lot since SSL was first introduced in MQ...
Upgrade ... Upgrade.... Upgrade... and ask per PMR what your upgrade path should be....
I would make sure the qmgr's queues are empty, run saveqmgr or dmpmqcfg (client) and rebuild the qmgr at the newer version (7.5.0.3 or above...). You might also need to replatform because of needed OS upgrades if you're still at MQ5.3
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Wed Nov 12, 2014 10:36 am Post subject: Re: An SSL certificate received from the remote system was n |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
| rsinha wrote: |
| Is it possible that it may be caused by some incompatibility betweeb MQ 5.3 and 7.1? |
Almost certainly! By definition, IBM does not regression test with products that have reached EOS. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
