ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ SupportMQEdit Question

Post new topicReply to topic
MQEdit Question View previous topic :: View next topic
Author Message
crashdog
PostPosted: Thu Jul 23, 2020 2:45 am Post subject: MQEdit Question Reply with quote

Acolyte

Joined: 02 Apr 2017
Posts: 64

Hello,
I've just downloaded the latest MQEdit 9.1.0 (Jul 19 2020) (Not Licensed).
I experienced some rather odd behavior with TLS connections.
I've got separate key stores for different environments. Namely dev, test, UAT and production.
All connections use CCDT with the same settings (same Ciphers etc..)
The "SSL/TLS Key Repositiory" is set to the path of each key store for the specific queue manager connection.
Now, when I connect to a UAT system, I can also connect to other systems using the same key repository even if the field "SSL/TLS Key Repositiory" is not configured.
BUT... when I've connected to a UAT system and try to connect to a system with the test environment key store (configured correctly in "SSL/TLS Key Repositiory") I get an RC2035 Not Authorized back. The queue manager complaining about my user id not being authorized.

However when I terminate MQEdit and open it again and open the same connection in the test environment first, the connection works... but then I get the same error in the UAT environment when trying to connect there after wards.

Now the really weird thing is that I don't have the same issue with the production environment. Although configured exactly like the others. (Means I can always connect successfully).

So first question, is this some limitation because it's and unlicensed version ? Or would I have the same issue with a licensed one ?

How does MQEdit handle key stores ? does it set the MQSSLKEYR variable or some other mechanism ?

By the way I can parallel connect to UAT and test environment queue managers by opening two cmd (Windows 10 pro) and setting MQSSLKEYR with runmqsc -w nn -c.
Also when using MQ Explorer (JKS).

Kind Regards,
Gerhard
_________________
You win again gravity !
Back to top
View user's profile Send private message
hughson
PostPosted: Thu Jul 23, 2020 2:51 pm Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1504
Location: Bay of Plenty, New Zealand

This is not a license issue. The same thing will happen with any 'C' language application that makes two connections, in the same process, using different key repositories. It is a GSKit behaviour that there can only be one 'active' key repository at a time.

If you configure MQEdit location dialog with SSL/TLS Key Repository then it will go on the MQCONN MQCNO->MQSCO structures, but alternatively you can set MQSSLKEYR environment variables instead. 'C' applications using MQ are happy with either.

Solutions to your issue:
  • Either put all your personal certificates in a single KDB and use that to connect to all queue managers
  • Or, set up startup scripts to run MQEdit for each environment. To be honest, running different instances of the application for your test and production environments is sensible in order to reduce the risk of cross talk between environments.

Feel free to get in touch directly of you want to discuss this further, or need a trial license.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ SupportMQEdit Question
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.