ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ Supportamqsputc SSL connection failing at Sample AMQSPUT0 start

Post new topicReply to topic
amqsputc SSL connection failing at Sample AMQSPUT0 start View previous topic :: View next topic
Author Message
bronsonlg
PostPosted: Tue Nov 06, 2018 1:40 pm Post subject: amqsputc SSL connection failing at Sample AMQSPUT0 start Reply with quote

Newbie

Joined: 06 Nov 2018
Posts: 3

Currently stumped here with client SSL connection to QM...

trying to amqsputc QUEUE1 QM1
results are

amqsputc QUEUE1 QM1
Sample AMQSPUT0 start

** Never get target reference "target queue is QUEUE1"

just hangs at Sample AMQSPUT0 start.... Any ideas?

Remove the SSLCIPH value and all works fine.


Here are my details:
CHANNEL(SSL.CHANNEL) CHLTYPE(SVRCONN)
ALTDATE(2018-11-06) ALTTIME(15.22.45)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER(mqm) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)


CHANNEL(SSL.CHANNEL) CHLTYPE(CLNTCONN)
AFFINITY(PREFERRED) ALTDATE(2018-11-06)
ALTTIME(15.22.46) CERTLABL( )
CLNTWGHT(0) COMPHDR(NONE)
COMPMSG(NONE)
CONNAME(hostname.company.com(1420))
DEFRECON(NO) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME(QM1) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)
SSLPEER( ) TPNAME( )
TRPTYPE(TCP) USERID( )


CCDT is copied to client host.
Env variables set to the following:
PATH=$PATH:$HOME/.local/bin:$HOME/bin:/apps/opt/mqm/samp/bin
unset MQSERVER
export MQCHLLIB="/home/mqm/client_test/"
export MQCHLTAB=AMQCLCHL.TAB
export MQSSLKEYR="/home/mqm/client_test/key"

-rwxrwxrwx 1 mqm mqm 8400 Nov 6 15:27 AMQCLCHL.TAB
-rwxrwxr-x 1 mqm mqm 88 Nov 6 11:46 key.crl
-rwxrwxr-x 1 mqm mqm 10088 Nov 6 11:46 key.kdb
-rwxrwxr-x 1 mqm mqm 5088 Nov 6 11:46 key.rdb
-rwxrwxr-x 1 mqm mqm 129 Nov 6 11:46 key.sth
Back to top
View user's profile Send private message
bruce2359
PostPosted: Tue Nov 06, 2018 2:32 pm Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 8187
Location: US: west coast, almost. Otherwise, enroute.

And you did a refresh security type ssl? Or restarted the qmgr?
_________________
I would tell you a UDP joke, but you might not get it.
Back to top
View user's profile Send private message
hughson
PostPosted: Tue Nov 06, 2018 3:12 pm Post subject: Reply with quote

Sentinel

Joined: 09 May 2013
Posts: 840
Location: Bay of Plenty, New Zealand

Is the channel running on the queue manager:-
Code:
DISPLAY CHSTATUS(SSL.CHANNEL) STATUS SUBSTATE

What does SUBSTATE show. I expect SSLHANDSK.

Do you have OCSP checking on, and unable to reach the target URL in the certificate? A regular causer of SSL/TLS channels hanging in a handshake.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
bronsonlg
PostPosted: Wed Nov 07, 2018 4:33 am Post subject: Reply with quote

Newbie

Joined: 06 Nov 2018
Posts: 3

bruce2359 wrote:
And you did a refresh security type ssl? Or restarted the qmgr?


Yes Both
Back to top
View user's profile Send private message
bronsonlg
PostPosted: Wed Nov 07, 2018 4:35 am Post subject: Reply with quote

Newbie

Joined: 06 Nov 2018
Posts: 3

hughson wrote:
Is the channel running on the queue manager:-
Code:
DISPLAY CHSTATUS(SSL.CHANNEL) STATUS SUBSTATE

What does SUBSTATE show. I expect SSLHANDSK.

Do you have OCSP checking on, and unable to reach the target URL in the certificate? A regular causer of SSL/TLS channels hanging in a handshake.

Cheers,
Morag


DIS CHS results:
AMQ8420: Channel Status not found.

qm.ini snip
SSL:
OCSPAuthentication=OPTIONAL
OCSPCheckExtensions=NO
Back to top
View user's profile Send private message
bruce2359
PostPosted: Wed Nov 07, 2018 5:28 am Post subject: Re: amqsputc SSL connection failing at Sample AMQSPUT0 start Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 8187
Location: US: west coast, almost. Otherwise, enroute.

What version/release/mod of MQ on client? Server?

What errors in the MQ client-side ERRORS directory/folder?
_________________
I would tell you a UDP joke, but you might not get it.
Back to top
View user's profile Send private message
hughson
PostPosted: Wed Nov 07, 2018 9:02 pm Post subject: Reply with quote

Sentinel

Joined: 09 May 2013
Posts: 840
Location: Bay of Plenty, New Zealand

bronsonlg wrote:
hughson wrote:
Is the channel running on the queue manager:-
Code:
DISPLAY CHSTATUS(SSL.CHANNEL) STATUS SUBSTATE

What does SUBSTATE show. I expect SSLHANDSK.


DIS CHS results:
AMQ8420: Channel Status not found.

That is very odd. If your channel is not even running while your sample application sits in this state ....
bronsonlg wrote:
trying to amqsputc QUEUE1 QM1
results are

amqsputc QUEUE1 QM1
Sample AMQSPUT0 start

** Never get target reference "target queue is QUEUE1"

just hangs at Sample AMQSPUT0 start

... then that means the connection has not made it to the queue manager (otherwise you would see a SVRCONN channel in STATUS(BINDING) and some SUBSTATE.

Normally with no visible evidence of the connection at the queue manager and I would be telling to check your hostname etc. However you say:-
bronsonlg wrote:
Remove the SSLCIPH value and all works fine.


Could you describe how you remove the SSLCIPH value?

bronsonlg wrote:
hughson wrote:
Do you have OCSP checking on, and unable to reach the target URL in the certificate? A regular causer of SSL/TLS channels hanging in a handshake.


qm.ini snip
SSL:
OCSPAuthentication=OPTIONAL
OCSPCheckExtensions=NO

What about in your mqclient.ini file? The client side of the connection could also be doing OCSP.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ Supportamqsputc SSL connection failing at Sample AMQSPUT0 start
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.