rajmq |
Posted: Fri Apr 18, 2003 12:57 am Post subject: openssl issues |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi
I am using openssl for creating the new certificates. While using openssl I am getting the below errors:
openssl req -new -x509 -days 365 -text -nodes -out mqssl.pem -keyout mqssl.pem
Using configuration from /usr/local/ssl/openssl.cnf
Unable to load config info
Loading 'screen' into random state - done
Generating a 512 bit RSA private key
..........++++++++++++
................++++++++++++
writing new private key to 'mqssl.pem'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
295:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:343:
295:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:343:
295:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:./crypto/conf/conf_lib.c:343:
Can anyone give me a suggestion for the above problems?
regards
raj |
bduncan |
Posted: Fri Apr 18, 2003 3:33 pm Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
Sounds like openSSL isn't installed properly. Where did you get the distribution, and did you get source or binary? What OS are you on?
_________________
Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator |
rajmq |
Posted: Fri Apr 18, 2003 10:27 pm Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi
Thanks for your reply
1. OS: WinNT
2. Download site is:
http://sourceforge.net/project/showfiles.php?group_id=23617&release_id=48801
the following zip files:
openssl-0.9.6b-bin.zip
openssl-0.9.6b-doc.zip
openssl-0.9.6b-lib.zip
openssl-0.9.6b-src.zip
regards
raj |
bduncan |
Posted: Sat Apr 19, 2003 3:55 pm Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
Right, but which package did you actually use?
Did you take openssl-0.9.6b-src.zip and compile it, or did you use openssl-0.9.6b-bin.zip?
Also, doesn't it seem odd that the output says "/usr/local/ssl/openssl.cnf" when you are running on WinNT? It sounds like your openssl thinks it's running on a unix filesystem for some reason...
_________________
Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator |
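Added example, not part of the thread and not posted by any participant: the "Unable to load config info" and "unable to find 'distinguished_name' in config" messages above appear when `openssl req` cannot read a config file containing a `[req]` section, so this POSIX shell sketch writes a minimal one and passes it explicitly with `-config`. It also asks for a 2048-bit key rather than the 512-bit key seen in the output and keeps the key in its own file. The function names, file names and subject values (`qm1.example.test`, `Example Org`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed names and values, not taken from the thread.

# make_selfsigned DIR
#   Writes DIR/openssl.cnf, DIR/key.pem and DIR/cert.pem.
make_selfsigned() {
    dir=$1
    mkdir -p "$dir" || return 1

    # "openssl req" reads distinguished_name from [req]; it names the
    # section that holds the subject fields. prompt = no takes the values
    # from the file instead of asking interactively.
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
prompt             = no

[ req_dn ]
C  = US
O  = Example Org
CN = qm1.example.test
EOF

    # -config overrides the compiled-in default path (the
    # /usr/local/ssl/openssl.cnf seen in the output); exporting
    # OPENSSL_CONF=<path> has the same effect.
    # -nodes leaves the key unencrypted, so restrict it to the owner
    # (umask in a subshell) and keep it out of the certificate file.
    (
        umask 077
        openssl req -new -x509 -config "$dir/openssl.cnf" \
            -newkey rsa:2048 -nodes -days 365 \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" 2> "$dir/req.log"
    )
}

# cert_subject FILE: print the subject line of a PEM certificate.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Usage: make_selfsigned ./mqssl-demo && cert_subject ./mqssl-demo/cert.pem
```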
rajmq |
Posted: Sat Apr 19, 2003 11:02 pm Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi
Thanks for your reply
I used openssl-0.9.6b-bin.zip. After extracting the files, I tried the openssl command directly; anyway, I will check again.
Before trying this openssl I tried another option, which is downloaded from your previous post.
http://www.mqseries.net/pafiledb203/pafiledb.php?action=viewfile&fid=53&id=5
Based on the SSL Functionality demo doc
While doing Step 4, Add the Certificate to the QMGR QM1 Certificate store,
I am getting the following error:
C:\>amqmcert -k MY -l
5724-B41 (C) Copyright IBM Corp. 1994, 2002. ALL RIGHTS RESERVED.
Using CURRENT_USER for default system stores.
Enumerating Certificate Stores:
System Store (MY):
------------------
14001: * rakpe5@yahoo.com, GlobalSign Class 1 CA
C:\>amqmcert -a 14001 -m QM1
5724-B41 (C) Copyright IBM Corp. 1994, 2002. ALL RIGHTS RESERVED.
Using CURRENT_USER for default system stores.
Enumerating Certificate Stores:
AMQ4811: This function is not supported.
After installing CSD01 I skipped the above step and followed all the same steps from the document. But while starting the channels I am getting the below error:
Channel program ended abnormally.
Channel program 'QM1.QM2' ended abnormally.
Look at previous error messages for channel program 'QM1.QM2' in the error files to determine the cause of the failure.
The TCP/IP responder program could not be started.
An attempt was made to start an instance of the responder program, but the program was rejected.
The failure could be because either the subsystem has not been started (in this case you should start the subsystem), or there are too many programs waiting (in this case you should try to start the responder program later). The reason code was 0.
The public key in the issuer's certificate has failed to validate the subject certificate.
The public key in the issuer's certificate (CA or signer certificate), is used to verify the signature on the subject certificate assigned to channel QM1.QM2. This verification has failed, and the subject certificate therefore cannot be used. The WebSphere MQ error recording routine has been called.
Check that the issuer's certificate is valid and available, and that it is up to date. Verify with the certificate's issuer that the subject certificate and issuer certificate should still be valid. If the problem cannot be resolved then use the standard facilities supplied with your system to record the problem identifier and save the generated output files, and then contact your IBM support center. Do not discard these files until the problem has been resolved.
SSL security context expired.
During an SSL operation to encrypt or decrypt a secured message, the SSL security context, which is used to secure communications and was previously established with the remote party, has expired because the remote party has shut down. The secured message has not been encrypted or decrypted. This failure has closed WebSphere MQ channel name '????'. If the name is '????', the name is unknown. The SSL operation was '0x00090317' and its completion code was 'DecryptMessage'.
Determine why the remote party has shut down and if necessary re-start the channel. The shut down might be the result of controlled termination by a system administrator, or the result of an unexpected termination due to an error. The SSL operation is described in the Windows Schannel reference manual.
Please can you help with the above problems?
regards
raj |
naylak |
Posted: Sat Apr 19, 2003 11:21 pm Post subject: regarding openssl issues |
|
|
Apprentice
Joined: 08 Feb 2003 Posts: 47
|
Could you please send your configuration file?
With regards
Naylak |
rajmq |
Posted: Sun Apr 20, 2003 12:51 am Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi Naylak
Which configuration file??
I am not getting your question??
regards
raj |
rajmq |
Posted: Sun Apr 20, 2003 6:19 am Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi to All
Thanks for all your replies
At last I found the mistakes; now it is working.
While doing step 6 I did something wrong; that is the reason I got those errors.
But the above implementation is only for Server to Server (QMGR to QMGR) communication in NT.
a) But I need to check the AIX and Linux versions; has anyone implemented these platforms??
b) And also I need to test Client and Server SSL communications.
regards
raj |