Cannot use SSL on Windows
rmah
Posted: Thu May 28, 2009 12:10 pm    Post subject: Cannot use SSL on Windows

Centurion

Joined: 04 May 2007
Posts: 142

Hi,

What permissions are needed on the folder containing the SSL key files on Windows? I'm getting the following error when trying to start a channel that uses SSL:

----- amqrmrsa.c : 459 --------------------------------------------------------
5/28/2009 12:59:36 - Process(5220. User(MUSR_MQADMIN) Program(amqrmppa.exe)
AMQ9637: Channel is lacking a certificate.

EXPLANATION:
The channel is lacking a certificate to use for the SSL handshake. The channel
name is '????' (if '????' it is unknown at this stage in the SSL processing).
The channel did not start.
ACTION:
Make sure the appropriate certificates are correctly configured in the key
repositories for both ends of the channel.

If you have migrated from WebSphere MQ V5.3 to V6, it is possible that the
missing certificate is due to a failure during SSL key repository migration.
Check the relevant error logs. If these show that an orphan certificate was
encountered then you should obtain the relevant missing certification authority
(signer) certificates and then import these and the orphan certificate into the
WebSphere MQ V6 key repository, and then re-start the channel.

My key files are in c:\mqm\ssl\ and I have c:\mqm\ssl\key as the location of the key repository in my queue manager properties.

The local group 'mqm' and the local user 'MUSR_MQADMIN' have read rights on the folder and key files.

Please help? I've never had success with SSL for MQ in Windows.

Thanks!
rmah
Posted: Thu May 28, 2009 12:30 pm    Post subject: Re: Cannot use SSL on Windows

Centurion

Joined: 04 May 2007
Posts: 142

I think I may have found the error.

My queue manager name is all caps, so I requested a certificate with the label ibmwebspheremqALLCAPSQUEUEMANAGERNAME. I think the correct label should be ibmwebspheremqallcapsqueuemanagername, regardless if the queue manager name is in all caps or not.
_________________
MQ 6.0.2.3
Broker 6.0.0.7
for Linux
exerk
Posted: Thu May 28, 2009 1:28 pm    Post subject: Re: Cannot use SSL on Windows

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

rmah wrote:
I think I may have found the error.

My queue manager name is all caps, so I requested a certificate with the label ibmwebspheremqALLCAPSQUEUEMANAGERNAME. I think the correct label should be ibmwebspheremqallcapsqueuemanagername, regardless if the queue manager name is in all caps or not.


As stated in the manual in regard to that platform...also, you may wish to look HERE for further information.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
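
The label mismatch discussed in this thread can be checked before starting the channel. The following is an added example, not part of the original posts and not IBM code: it assumes the lower-case label rule rmah describes and that the key repository setting is a stem with companion .kdb and .sth files. The function names, the queue manager name QM1 and the sample labels are constructed for illustration.

```python
import os
import tempfile

LABEL_PREFIX = "ibmwebspheremq"  # label prefix quoted in the thread


def expected_label(qmgr_name):
    """Label to look for: prefix + queue manager name folded to lower case (assumed rule)."""
    return LABEL_PREFIX + qmgr_name.lower()


def diagnose_label(qmgr_name, labels):
    """Classify the labels found in a key repository against the expected one."""
    want = expected_label(qmgr_name)
    if want in labels:
        return ("ok", want)
    # Same characters, different case: the mistake described in the thread.
    for label in labels:
        if label.lower() == want:
            return ("case_mismatch", label)
    return ("missing", want)


def check_repository_files(sslkeyr):
    """The repository setting is a stem with no extension; list absent companion files."""
    return [sslkeyr + ext for ext in (".kdb", ".sth")
            if not os.path.isfile(sslkeyr + ext)]


def demo():
    # Constructed sample: labels as they might be listed from a key repository.
    labels = ["ibmwebspheremqQM1", "Constructed Root CA"]
    results = {"label": diagnose_label("QM1", labels)}
    with tempfile.TemporaryDirectory() as d:
        stem = os.path.join(d, "key")
        open(stem + ".kdb", "wb").close()  # empty placeholder; no stash file created
        results["missing_files"] = [os.path.basename(p)
                                    for p in check_repository_files(stem)]
    return results


if __name__ == "__main__":
    print(demo())
```

A `case_mismatch` result corresponds to the situation in rmah's second post; a non-empty file list points at the repository path rather than the label.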