Possible to use keystore cert with AMQSSSLC command?
codeguy03
Posted: Sat Jun 05, 2021 9:50 am    Post subject: Possible to use keystore cert with AMQSSSLC command?

Newbie

Joined: 05 Jun 2021
Posts: 6

I am trying to test out my ssl connection before I get into working with .Net dll for MQ.

I have a key.kdb file and it works, but our standard is to only use a certificate from the Windows keystore. My friendly name is ibmwebspheremqmyloginid

When I run this command it doesn't work. I get a 2393 code.

AMQSSSLC -m QM1 -c QM1SVRCONN -x localhost
-k "*SYSTEM" -s TLS_RSA_WITH_AES_128_CBC_SHA256
-o http://dummy.OCSP.responder


This does work with the actual kdb file. I get connection successful

AMQSSSLC -m QM1 -c QM1SVRCONN -x localhost
-k "C:\certs\key" -s TLS_RSA_WITH_AES_128_CBC_SHA256
-o http://dummy.OCSP.responder


Last edited by codeguy03 on Sat Jun 05, 2021 8:40 pm; edited 2 times in total
bruce2359
Posted: Sat Jun 05, 2021 4:14 pm    Post subject: Re: Possible to use keystore cert with AMQSSSLC command?

Poobah

Joined: 05 Jan 2008
Posts: 9396
Location: US: west coast, almost. Otherwise, enroute.

codeguy03 wrote:
When I run this command it doesn't work

AMQSSSLC ... -k *SYSTEM ...

Insufficient information for us to help you.

What makes you believe that it didn’t work? No response whatsoever? Some kind of error message?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
codeguy03
Posted: Sat Jun 05, 2021 8:35 pm    Post subject: Re: Possible to use keystore cert with AMQSSSLC command?

Newbie

Joined: 05 Jun 2021
Posts: 6

bruce2359 wrote:
codeguy03 wrote:
When I run this command it doesn't work

AMQSSSLC ... -k *SYSTEM ...

Insufficient information for us to help you.

What makes you believe that it didn’t work? No response whatsoever? Some kind of error message?


Hi, so the one that does work using the local kdb file, I get a connection successful.

The one that tries to use the certificate in the Windows keystore with the *SYSTEM flag gives me an error 2393, MQRC_SSL_INITIALIZATION_ERROR.

So I'm really not sure if that flag is correct.

If anyone is able to use amqssslc command with a certificate from the Windows keystore please let me know or if possible please post the correct syntax for it if you can.
bruce2359
Posted: Sun Jun 06, 2021 12:21 pm    Post subject:

Poobah

Joined: 05 Jan 2008
Posts: 9396
Location: US: west coast, almost. Otherwise, enroute.

What documentation are you following for running the amqssslc supplied application?

What error did you find in the MQ error log file on the client?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
hughson
Posted: Sun Jun 06, 2021 5:51 pm    Post subject: Re: Possible to use keystore cert with AMQSSSLC command?

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

codeguy03 wrote:
I am trying to test out my ssl connection before I get into working with .Net dll for MQ.


The IBM Supplied amqssslc sample is written in C. To use certificates with the IBM MQ C Client, you must use a kdb. This is why amqssslc works with a kdb but not with a *SYSTEM store. If you look at the supplied code for the sample, you will see that the value provided in the -k parameter MUST be a path and file name (without stem) of a kdb file. This means that the string you are providing "*SYSTEM" is being interpreted as a KDB called ".\*SYSTEM.kdb" and clearly that doesn't exist on your system. It is not interpreting it as "Use the System" store because that behaviour is only available in .Net.

If you are wanting to test your SSL connection before you write a .Net application, you would need to find a .NET sample, not a C sample.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
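
A pre-flight check for a -k value, read the way the answer above describes it: as a kdb file stem, never as a store name. This is an added example, not part of the thread or of IBM's sample; the function names, the finding codes, the "*USER" entry and the .sth stash-file check are assumptions.

```python
import os

# Windows certificate-store names. Per the answer above, only the .NET client
# treats "*SYSTEM" as a store; "*USER" is added here as an assumption.
DOTNET_ONLY_STORES = {"*SYSTEM", "*USER"}


def check_key_repository(stem):
    """Check a -k value the way a kdb-based client reads it: as a file stem.

    Returns a list of finding codes; an empty list means the stem resolves
    to a key database on disk.
    """
    findings = []
    if stem.upper() in DOTNET_ONLY_STORES:
        # Not a store selector here: it becomes the file name "<stem>.kdb".
        findings.append("dotnet-only-store")
    if stem.lower().endswith(".kdb"):
        # The stem must be given without the suffix, or ".kdb" is doubled.
        findings.append("suffix-included")

    kdb = stem + ".kdb"
    if not os.path.isfile(kdb):
        findings.append("kdb-missing")
    elif not os.path.isfile(stem + ".sth"):
        # Assumption (not from the thread): the password stash file sits
        # beside the kdb with the same stem.
        findings.append("sth-missing")
    return findings


def resolved_kdb_path(stem):
    """Show the file the client will actually try to open."""
    return os.path.abspath(stem + ".kdb")


if __name__ == "__main__":
    # The two -k values from the thread.
    for value in ("*SYSTEM", r"C:\certs\key"):
        print(value, "->", resolved_kdb_path(value), check_key_repository(value))
```

Running this before amqssslc separates a wrong -k value from a genuine TLS handshake problem, both of which surface as 2393.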