ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General Discussion » how to remove ssl from a channel

Post new topic  Reply to topic
 how to remove ssl from a channel « View previous topic :: View next topic » 
Author Message
ankurlodhi
PostPosted: Mon Jun 03, 2013 12:31 pm    Post subject: how to remove ssl from a channel Reply with quote

Master

Joined: 19 Oct 2010
Posts: 266

i have a channel on which i recently configured SSL on is there a way to remove ssl from that channel.

and i have put ssl authentication authentication = optional on it.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jun 03, 2013 12:55 pm    Post subject: Re: how to remove ssl from a channel Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

ankurlodhi wrote:
i have a channel on which i recently configured SSL on is there a way to remove ssl from that channel.

and i have put ssl authentication authentication = optional on it.

set the cipher suite blank to remove the SSL config from the channel.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
hughson
PostPosted: Tue Jun 04, 2013 3:27 am    Post subject: Re: how to remove ssl from a channel Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

ankurlodhi wrote:
i have a channel on which i recently configured SSL on is there a way to remove ssl from that channel.
As already noted, blanking out the SSLCIPH field - at both ends - is the controlling attribute for SSL on a channel.

ankurlodhi wrote:
and i have put ssl authentication authentication = optional on it.
SSLCAUTH(OPTIONAL) only says that SSL connections that don't send a certificate are still allowed to connect to this channel - i.e. anonymous ones. It is still an SSL channel until the cipher spec (SSLCIPH) is removed.

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
zpat
PostPosted: Thu Jan 12, 2023 7:33 pm    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Sorry to raise an old post.

After clearing the cipherspec from both ends of a sender/receiver channel pair on z/os qm (v9.0) - I can't restart the channel.

Is there a need to refresh ssl or something like that on z/OS?

CSQX558E is the error I get
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Jan 12, 2023 9:44 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

zpat wrote:
Sorry to raise an old post.

After clearing the cipherspec from both ends of a sender/receiver channel pair on z/os qm (v9.0) - I can't restart the channel.

Is there a need to refresh ssl or something like that on z/OS?

CSQX558E is the error I get

Make sure the channel is stopped and not idle (on both ends). Then verify address and port are reachable and restart the channel, starting with the receiver, then the sender.


_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
zpat
PostPosted: Thu Jan 12, 2023 11:41 pm    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Thanks, not often that I would think to start the receiver channel by hand.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Jan 13, 2023 1:57 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

zpat wrote:
Thanks, not often that I would think to start the receiver channel by hand.

You need to stop the channel to make it take the change. Including the receiver channel. If you just leave it inactive you are not implementing the change...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
hughson
PostPosted: Sun Jan 15, 2023 7:32 pm    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

zpat wrote:
After clearing the cipherspec from both ends of a sender/receiver channel pair on z/os qm (v9.0) - I can't restart the channel.

Is there a need to refresh ssl or something like that on z/OS?

CSQX558E is the error I get

Error message CSQX558E is just telling you that the receiver end is (most likely) stopped. Check the error messages at the receiver end to see exactly the reason for the problem. This is nothing to do with SSL, probably just you stopped the receiver and thus put it into STATUS(STOPPED).

Remember that you can use STOP CHANNEL(chl-name) STATUS(INACTIVE) MODE(FORCE) to immediately stop a receiver channel, but leave it capable to being restarted by a sender again next time it needs to be.

There is no need to make sure the channel is STATUS(STOPPED) at both ends before restarting them again. Just make sure the channel is not running - STATUS(INACTIVE) is not running, and then start it up again.

If you have a receiver channel in STATUS(STOPPED) you can re-enable it again with either of the following commands issued against the RECEIVER channel:-

START CHANNEL(chlname)

or

STOP CHANNEL(chlname) STATUS(INACTIVE)

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
Liand1
PostPosted: Sat Mar 02, 2024 6:55 am    Post subject: Reply with quote

Newbie

Joined: 02 Mar 2024
Posts: 1

To remove SSL (Secure Sockets Layer) from a channel, you would typically follow these steps:

Access Channel Settings: Log in to your server or application where the SSL is configured for the channel. Navigate to the settings or configuration menu for the specific channel you want to modify.

Locate SSL Configuration: Look for the section or option related to SSL configuration for the channel. This could be labeled as "SSL Settings," "Security Settings," or something similar, depending on the platform you're using.

Disable SSL: Within the SSL configuration settings, there should be an option to disable or turn off SSL for the channel. This may be represented by a checkbox, toggle switch, or dropdown menu.

Save Changes: Once you've disabled SSL for the channel, be sure to save the changes. This usually involves clicking a "Save" or "Apply" button within the settings interface.

Restart Channel (if necessary): Depending on the application or server configuration, you may need to restart the channel or the entire application for the changes to take effect. This step ensures that the channel operates without SSL after it's been disabled.

Test the Channel: After disabling SSL, it's essential to test the channel to ensure that it's functioning correctly without SSL encryption. You can do this by attempting to access the channel through a web browser or application to verify that it's accessible and working as expected.

By following these steps, you can successfully remove SSL from a channel, thereby allowing communication to occur without encryption. However, be sure to consider the security implications of disabling SSL, as it may expose sensitive data to potential risks if transmitted over unencrypted channels.
Back to top
View user's profile Send private message
gbaddeley
PostPosted: Wed Mar 06, 2024 3:21 pm    Post subject: Reply with quote

Jedi

Joined: 25 Mar 2003
Posts: 2492
Location: Melbourne, Australia

Hi Liand1,
That's a thoughtful and detailed reply, but this process really only applies to a MQ Client application that has built-in capability to configure the CLNTCONN channel connection (rather than relying on mqclient.ini, CCDT, environment variables etc.).

If SSL/TLS is being used on MQ sender/receiver etc. channels, the process will be to use the MQ administration tools (runmqsc, ISPF, MO71 etc) to reconfigure and restart the channels, not what you stated.

Restarting the channel is necessary, as any running channel has its own copy of the channel configuration, and runs with those settings.
If the channel is not running (ie. its inactive) at the time of the change, the changes will take effect next time the channel starts.
_________________
Glenn
Back to top
View user's profile Send private message
bruce2359
PostPosted: Wed Mar 06, 2024 5:59 pm    Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

I figured Liand1 was an AI-generated post.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Back to top
View user's profile Send private message
gbaddeley
PostPosted: Thu Mar 07, 2024 2:05 pm    Post subject: Reply with quote

Jedi

Joined: 25 Mar 2003
Posts: 2492
Location: Melbourne, Australia

bruce2359 wrote:
I figured Liand1 was an AI-generated post.

So did I, but it seemed to be quite factual, whereas other AI generated posts by new users were basically regurgitated rubbish.

@Liand1, do you care to introduce yourself to the forum?
_________________
Glenn
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General Discussion » how to remove ssl from a channel
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.