ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexIBM MQ Java / JMSCan't connect to MQ using Hermes with SSL

Post new topicReply to topic
Can't connect to MQ using Hermes with SSL View previous topic :: View next topic
Author Message
rikardo.miguel
PostPosted: Thu Mar 07, 2019 1:46 am Post subject: Can't connect to MQ using Hermes with SSL Reply with quote

Newbie

Joined: 31 Oct 2018
Posts: 4

Hi,

I'm trying to use Hermes in order to connect to a remote MQ Queue Manager.

I tried two approachs using MQConnectionFactory:

1- With the following parameters:
- SSLCipherSuite - ECDHE_RSA_AES_128_CBC_SHA256
- channel - MQ_CONF_CHANNEL
- hostName - SERVER_HOSTNME
- port - SERVER_PORT
- queueManager - QM_NAME
- transportType - 1

In this case i get the following error on MQ Server:
EXPLANATION:
AMQ9639E: Remote channel 'MQ_CONF_CHANNEL' did not specify a CipherSpec.

2- With the following parameters:
- CCDTURL - file://TAB_FILE_LOCATION.TAB
- queueManager - QM_NAME
- transportType - 1

This TAB file works with RFHutil but here Hermes keeps trying to connect to localhost, even when i set the transportType to client (1):
CC=2;RC=2538;AMQ9204: Connection to host 'localhost(1414)'

On boath approachs i'm running Hermes within a IBM JRE and when starting up i've added the following parameters:
-Djavax.net.ssl.keyStore="C:\Software\HermesJMS\bin\keystore.jks" -Djavax.net.ssl.keyStorePassword=password

Any idea?

Thanks
Back to top
View user's profile Send private message
hughson
PostPosted: Thu Mar 07, 2019 12:01 pm Post subject: Re: Can't connect to MQ using Hermes with SSL Reply with quote

Grand Master

Joined: 09 May 2013
Posts: 1005
Location: Bay of Plenty, New Zealand

Hi there,

Using SSL/TLS is not something that you can only configure at one end. You will have to make changes at both the client end and the queue manager end.

rikardo.miguel wrote:
1- With the following parameters:
- SSLCipherSuite - ECDHE_RSA_AES_128_CBC_SHA256
- channel - MQ_CONF_CHANNEL
- hostName - SERVER_HOSTNAME
- port - SERVER_PORT
- queueManager - QM_NAME
- transportType - 1

In this case i get the following error on MQ Server:
EXPLANATION:
AMQ9639E: Remote channel 'MQ_CONF_CHANNEL' did not specify a CipherSpec.


This error message is very clear. It is telling you that on the queue manager the channel of TYPE(SVRCONN) is not specifying a cipher spec. You need to issue the following command on the queue manager to rectify this:-

Code:
ALTER CHANNEL(MQ_CONF_CHANNEL) CHLTYPE(SVRCONN) SSLCIPH(ECDHE_RSA_AES_128_CBC_SHA256)


rikardo.miguel wrote:
2- With the following parameters:
- CCDTURL - file://TAB_FILE_LOCATION.TAB
- queueManager - QM_NAME
- transportType - 1

This TAB file works with RFHutil but here Hermes keeps trying to connect to localhost, even when i set the transportType to client (1):
CC=2;RC=2538;AMQ9204: Connection to host 'localhost(1414)'

On boath approachs i'm running Hermes within a IBM JRE and when starting up i've added the following parameters:
-Djavax.net.ssl.keyStore="C:\Software\HermesJMS\bin\keystore.jks" -Djavax.net.ssl.keyStorePassword=password

This second one suggests that Hermes is not making use of the CCDT. I am not familiar enough with Hermes to know if it supports using the CCDT. Given how long CCDTs have been around, it would surprise me if it didn't.

The parameters that you list here - are they Hermes parameters? Could you give us a little context on where/what the parameters are?

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
RogerLacroix
PostPosted: Thu Mar 07, 2019 1:33 pm Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3106
Location: London, ON Canada

Hermes has not been updated in 8 years. I thought I read a long time ago, that the Hermes developer is no longer with us.

You probably want to consider using a different tool. You can find a list of similar tools here.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexIBM MQ Java / JMSCan't connect to MQ using Hermes with SSL
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.