Managed .NET Client Connecting with SSL. MQ version 8.0
mfiorel1
Posted: Thu Aug 31, 2017 1:11 pm

Newbie

Joined: 18 Aug 2017
Posts: 7

I'm receiving the below error when connecting from my .NET client application. No errors are shown on the server:

Remote host '10.158.193.51(1416)' not available, retry later.

The attempt to allocate a conversation using TCP/IP to host '10.158.193.51(1416)' for channel (Exception) was not successful. However the error may be a transitory one and it may be possible to successfully allocate a TCP/IP conversation later.


When I remove the SSL_CIPHER_SPEC property, the connection does reach the server, and I get the below in the server logs (makes sense).

AMQ9639: Remote channel 'CHANNEL_SSL' did not specify a CipherSpec.

EXPLANATION:
Remote channel 'CHANNEL_SSL' did not specify a CipherSpec when the local
channel expected one to be specified.

The remote host is 'wpidvwtest02 (10.158.193.152)'.

The channel did not start.
ACTION:
Change the remote channel 'CHANNEL_SSL' on host 'wpidvwtest02 (10.158.193.152)'
to specify a CipherSpec so that both ends of the channel have matching
CipherSpecs.


I sense this is not a networking issue given that I can connect to other QMs from the same machine. Are there special considerations I need to make connecting to MQ via SSL with a Managed .NET Client? I'm specifying all the necessary properties: SSL_CIPHER_SPEC_PROPERTY, SSL_CERT_STORE_PROPERTY, and TRANSPORT_PROPERTY = TRANSPORT_MQSERIES_MANAGED.
hughson
Posted: Thu Aug 31, 2017 2:46 pm

Shaman

Joined: 09 May 2013
Posts: 728
Location: Bay of Plenty, New Zealand

SSL in .NET in a managed environment is very different from SSL in .NET using the C client underneath (non-managed).

This blog post details what you should do. How does what it says compare to what you did?

MQ v8: SSL connection in Managed MQ .NET

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
tczielke
Posted: Fri Sep 01, 2017 4:47 am

Yatiri

Joined: 08 Jul 2010
Posts: 652
Location: Illinois, USA

It might help from a debugging standpoint to also set up a non-encrypted channel and see what RPRODUCT value is being displayed in the DIS CHSTATUS on the SVRCONN side. It would help determine if you are really managed, non-managed, the C client, etc.
_________________
MQ administrator since 2010.
mfiorel1
Posted: Fri Sep 01, 2017 7:27 am

Newbie

Joined: 18 Aug 2017
Posts: 7

Thanks Morag - I followed the config steps based on the blog post. I made no coding changes, and passed in *SYSTEM as my key repository. Connection works with SSLCAUTH(OPTIONAL), but I get AMQ9637 with SSLCAUTH(REQUIRED). The below blog post almost exactly identifies this problem and says I must generate my keys with the RSA signature algorithm, and that the Java keytool (which I use) may not do this.

http://www-01.ibm.com/support/docview.wss?uid=swg21425309
hughson
Posted: Fri Sep 01, 2017 3:53 pm

Shaman

Joined: 09 May 2013
Posts: 728
Location: Bay of Plenty, New Zealand

What happens when you do as the tech note suggests? Does it fix your problem?
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
fjb_saper
Posted: Sat Sep 02, 2017 8:26 am

Grand Poobah

Joined: 18 Nov 2003
Posts: 19382
Location: LI,NY

mfiorel1 wrote:
Thanks Morag - I followed the config steps based on the blog post. I made no coding changes, and passed in *SYSTEM as my key repository. Connection works with SSLCAUTH(OPTIONAL), but I get AMQ9637 with SSLCAUTH(REQUIRED). The below blog post almost exactly identifies this problem and says I must generate my keys with the RSA signature algorithm, and that the Java keytool (which I use) may not do this.

http://www-01.ibm.com/support/docview.wss?uid=swg21425309


The question is more like the following:

How do you create your client private key when your repository is *SYSTEM? (and that is more a Micro$oft question...)
_________________
MQ & Broker admin
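
Added example, not part of any poster's message and not IBM code: a small C# diagnostic for the situation the thread ends on (connection works with SSLCAUTH(OPTIONAL) but fails with SSLCAUTH(REQUIRED) when the key repository is *SYSTEM). It lists the certificates in the Windows store and reports which ones have a private key, are in date, and carry an RSA signature. Assumptions: *SYSTEM maps to the local machine store and *USER to the current user's store, the client certificate sits in the Personal ("My") store, and the class name `MqClientCertCheck` is made up for this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not from the thread): reports which certificates in the
// Windows Personal ("My") store could serve as the MQ client certificate.
static class MqClientCertCheck
{
    // PKCS #1 OID arc; sha1RSA, sha256RSA and RSASSA-PSS all sit under it.
    const string RsaSignatureOidPrefix = "1.2.840.113549.1.1.";

    static string Assess(X509Certificate2 cert, DateTime now)
    {
        if (!cert.HasPrivateKey)
            return "no private key in store, cannot be presented for client auth";
        if (now < cert.NotBefore || now > cert.NotAfter)
            return "outside its validity period";
        string oid = cert.SignatureAlgorithm.Value ?? "";
        if (!oid.StartsWith(RsaSignatureOidPrefix, StringComparison.Ordinal))
            return "not signed with an RSA signature algorithm";
        return "candidate";
    }

    static int Main(string[] args)
    {
        // Assumption: "*SYSTEM" selects the machine store and "*USER" the
        // current user's store; pass the same value the client is given.
        bool userStore = args.Length > 0 &&
            args[0].Equals("*USER", StringComparison.OrdinalIgnoreCase);
        var store = new X509Store(StoreName.My,
            userStore ? StoreLocation.CurrentUser : StoreLocation.LocalMachine);
        int candidates = 0;
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                string verdict = Assess(cert, DateTime.Now);
                if (verdict == "candidate") candidates++;
                Console.WriteLine("{0}\n  friendly name: '{1}'\n  signature:     {2} ({3})\n  valid until:   {4:yyyy-MM-dd}\n  verdict:       {5}",
                    cert.Subject, cert.FriendlyName,
                    cert.SignatureAlgorithm.FriendlyName, cert.SignatureAlgorithm.Value,
                    cert.NotAfter, verdict);
            }
        }
        finally { store.Close(); }
        Console.WriteLine("{0} usable client certificate(s) found", candidates);
        return candidates > 0 ? 0 : 1; // non-zero: nothing to send under SSLCAUTH(REQUIRED)
    }
}
```

Run it under the same Windows account as the MQ client application: `HasPrivateKey` only says a key is associated with the certificate, not that this account is permitted to read it.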