mq client connection SSL enabled with .kdb
xmqymshr
Posted: Fri Jan 15, 2016 9:33 am

Novice

Joined: 13 Jan 2016
Posts: 14

Sorry about that, I reread the Infocenter and found out there was a key missing in the app.config file to make the application as managed, and it worked. But I still get a Host_NOT_Available exception on the client side. So I enabled the client trace using 'strmqtrc' and found the issues below.

1) Constructing IBM.WMQ.Nmqi.MQConnectionSpecification#018D94BD MQMBID sn=p800-004-151017 su=_KvDdkHSxEeW7tayg2YKGHQ pn=lib/dotnet/pc/winnt/nmqi/managed/MQConnectionSpecification.cs
00000148 12:23:39.805632 4236.8 Couldnt find a matching connection spec. Adding new one into table

This happens even after adding the Cipher Spec in the code like this:

prop.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_3DES_EDE_CBC_SHA");

2) Setting current certificate store as 'Computer'
000001B6 12:23:39.868134 4236.8 Created store object to access certificates
000001B7 12:23:39.868134 4236.8 Opened store
000001B8 12:23:39.868134 4236.8 Accessing certificate - ibmwebspheremq(username)


How should I change the label in the certificate store for the existing certificate?

And then it throws the exception below:

000001B9 12:23:39.868134 4236.8 TLS12 supported - True
000001BA 12:23:39.868134 4236.8 Setting SslProtol as Tls
000001BB 12:23:39.868134 4236.8 Starting SSL Authentication
000001BC 12:23:39.868134 4236.8 ------------{ MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
000001BD 12:23:39.868134 4236.8 Client callback has been invoked to find client certificate
000001BE 12:23:39.868134 4236.8 ------------} MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) rc=OK
000001BF 12:23:40.507601 4236.8 System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm


Please help me
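
An added example, not part of the original post and not IBM code: a small Python triage script that pulls the TLS-relevant events out of a managed .NET client trace in the format shown above and turns them into findings. The `triage` and `diagnose` helpers, the summary field names and the reading of `Tls` as the .NET `SslProtocols` name are assumptions made for illustration.

```python
import re

# Trace lines copied from the post above (strmqtrc output, managed .NET client).
TRACE = """\
000001B8 12:23:39.868134 4236.8 Accessing certificate - ibmwebspheremq(username)
000001B9 12:23:39.868134 4236.8 TLS12 supported - True
000001BA 12:23:39.868134 4236.8 Setting SslProtol as Tls
000001BB 12:23:39.868134 4236.8 Starting SSL Authentication
000001BF 12:23:40.507601 4236.8 System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
"""

# Groups: sequence (hex), time, pid, tid, message
LINE = re.compile(r"^([0-9A-F]{8}) (\d\d:\d\d:\d\d\.\d{6}) (\d+)\.(\d+) (.*)$")

# Summary field -> pattern applied to the message part of a trace line.
EVENTS = {
    "cert_label": re.compile(r"Accessing certificate - (.+)$"),
    "tls12_supported": re.compile(r"TLS12 supported - (True|False)$"),
    "protocol": re.compile(r"Setting SslProto\w* as (\w+)$"),
    "failure": re.compile(r"Win32Exception: (.+)$"),
}

def triage(trace_text):
    """Collect the TLS-related events of each (pid, tid) thread in the trace."""
    threads = {}
    for raw in trace_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # trace headers, blank or wrapped lines
        seq, _time, pid, tid, msg = m.groups()
        summary = threads.setdefault((int(pid), int(tid)), {})
        for field, pattern in EVENTS.items():
            hit = pattern.search(msg)
            if hit:
                summary[field] = (seq, hit.group(1))  # keep seq for cross-reference
    return threads

def diagnose(summary):
    """Turn one thread's events into findings a reviewer can act on."""
    findings = []
    if "common algorithm" in summary.get("failure", (None, ""))[1]:
        # SChannel reports a protocol/cipher negotiation error here,
        # not a certificate-validation error.
        findings.append("negotiation failure: compare client CipherSpec with channel SSLCIPH")
    proto = summary.get("protocol", (None, None))[1]
    if proto == "Tls" and summary.get("tls12_supported", (None, ""))[1] == "True":
        # Assumption: the trace prints the .NET SslProtocols name, where Tls = TLS 1.0.
        findings.append("TLS 1.2 available but protocol set to 'Tls'")
    return findings
```
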
fjb_saper
Posted: Fri Jan 15, 2016 6:31 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Help us help you.
Run
Code:
runmqakm -cert -details
or equivalent on the certs both in the server store and in the client store.
This will display the certs and hopefully shed some light on this.

Have fun
_________________
MQ & Broker admin
xmqymshr
Posted: Mon Jan 25, 2016 10:26 am

Novice

Joined: 13 Jan 2016
Posts: 14

It was not the certificates mismatch, it was the cipher spec. The issue was finally resolved when I used the TRIPLE_DES_SHA_US cipher spec.

Thank you all for the help.
fjb_saper
Posted: Tue Jan 26, 2016 5:19 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

xmqymshr wrote:
It was not the certificates mismatch, it was the cipher spec. The issue was finally resolved when I used the TRIPLE_DES_SHA_US cipher spec.

Thank you all for the help.

You do realize that TRIPLE_DES_SHA_US is SSL V3 and as such not secure.
In order to have a secure communication you need TLS...
_________________
MQ & Broker admin