How to connect to a queue manager with ssl enabled server connection channel when authentication is

Posted by Dr. Xray on Stack Overflow See other posts from Stack Overflow or by Dr. Xray
Published on 2009-11-30T17:57:41Z Indexed on 2010/03/31 1:23 UTC
Read the original article Hit count: 440

Filed under:

ibm-mq

|

ssl

|

jsse

I am trying to write a java application connecting to server connection channel with SSL enabled.

So far, I have been successfully connected to the channel by setting authentication to 'optional'. However, when I set it to be 'required', the connection fails.

Here is what I did:

Create key db for queue manager and keystore for the java client user.
Create key/self-signed certificates for the queue manager and the client user, with names prefixed ibmwebspheremq.
Export, exchange and import certificates for the queue manager and the client. (I did answered 'yes' when being asked whether I trust the queue manager cert).
The location and password to the truststore and keystore are set to point to the same keystore at the client side, where the orgininal created client user key and the imported queue manager key are.

With other settings being the same, if I switch back to 'optional' authentication, the connection works.

I think there is something I understand incorrectly about this ssl authenticaion but cannot figure out what.

Could someone kindly help me?

© Stack Overflow or respective owner

Related posts about ibm-mq

IBM MQ corrupted messages

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I posted the question below in the forum and now I am asking another question in the hope that I get some pointers to my answers. my previous post Ok lets begin: Now the problem is like this: OS: Linux 1. I post messages to the IBM MQ 2. The some random messages in the queue get randomly… >>> More
.NET client connecting to IBM MQ over SSL

as seen on Stack Overflow - Search for 'Stack Overflow'
I got key files from our client where I need to use them to connect to MQ over SSL. The files we have got from client are: xxx.crl xxx.kdb xxx.rdb xxx.sth xxx.tab They said client channel table in that. I am trying to connect using the below code. And they are saying I don't need to specify… >>> More
Websphere MQ 7.0 + jars compatible with 5.3 and 6.0 MQSeries servers ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I tried connecting jms client with 5.3 / 6.0 MQseries client jars to 7.0+ server, but it threw follwoing exception com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2423 at com.ibm.mq.MQQueueManager.sequentialConstruct(MQQueueManager.java:904) at com.ibm.mq.MQQueueManager.(MQQueueManager… >>> More
B2B communication using IBM MQ

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Oracle B2B 11g, provides the out-of-the box ability to connect to IBM MQ to exchange the message. This is support is provided via JMS offering of Oracle B2B. This is an addition to the stack of existing communication capabilities of B2B with trading partners. There are 2 ways of connecting to IBM… >>> More
SSIS and IBM MQ Series integration

as seen on Stack Overflow - Search for 'Stack Overflow'
I am in the process of exploring integration between SSIS and IBM MQ Series. Can some point me to some artical for integration. >>> More

Related posts about ssl

Plesk SSL Certificate (Default cert when SSL enabled, CORRECT cert when SSL is disabled)

as seen on Server Fault - Search for 'Server Fault'
I'm running Plesk 8.6.0: I have an SSL cert installed through Plesk's admin interface. But I have a bit of an issue: When I enabled SSL for the site, and selected my cert, then restart httpd, Plesk defaults to using my self-signed default certificate. Conversely, when I disable SSL support for the… >>> More
apache renew ssl not working [on hold]

as seen on Server Fault - Search for 'Server Fault'
Downloaded a new ssl cert from go daddy and installed the cert on apache2 server put the cert in /etc/ssl/certs/ folder put the gd_bundle.crt in the /etc/ssl/ folder private key is in /etc/ssl/private/private.key I just replaced the original files with the new files, did not replace the private… >>> More
Cant connect to mysql using self signed SSL certificate

as seen on Server Fault - Search for 'Server Fault'
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client… >>> More
How to log invalid client SSL certificate in SSL

as seen on Server Fault - Search for 'Server Fault'
I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to… >>> More
Mixing SSL and non-SSL content in an Apache2 virtual host

as seen on Server Fault - Search for 'Server Fault'
I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly. I have the following site and directories for example.com: These need to require SSL: /var/www/example.com/admin /var/www/example.com/order These need to be non-SSL: /var/www/example… >>> More