| Author |
Message
|
| ankurlodhi |
 Posted: Mon Jun 03, 2013 12:31 pm Post subject: how to remove ssl from a channel |
 |
|
Master
Joined: 19 Oct 2010
Posts: 266
|
i have a channel on which i recently configured SSL on is there a way to remove ssl from that channel.
and i have put ssl authentication authentication = optional on it. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Jun 03, 2013 12:55 pm Post subject: Re: how to remove ssl from a channel |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20745
Location: LI,NY
|
| ankurlodhi wrote: |
i have a channel on which i recently configured SSL on is there a way to remove ssl from that channel.
and i have put ssl authentication authentication = optional on it. |
set the cipher suite blank to remove the SSL config from the channel.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| hughson |
| Posted: Tue Jun 04, 2013 3:27 am Post subject: Re: how to remove ssl from a channel |
|
|
Padawan
Joined: 09 May 2013
Posts: 1951
Location: Bay of Plenty, New Zealand
|
| ankurlodhi wrote: |
| i have a channel on which i recently configured SSL on is there a way to remove ssl from that channel. |
As already noted, blanking out the SSLCIPH field - at both ends - is the controlling attribute for SSL on a channel.
| ankurlodhi wrote: |
| and i have put ssl authentication authentication = optional on it. |
SSLCAUTH(OPTIONAL) only says that SSL connections that don't send a certificate are still allowed to connect to this channel - i.e. anonymous ones. It is still an SSL channel until the cipher spec (SSLCIPH) is removed.
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Jan 12, 2023 7:33 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5865
Location: UK
|
Sorry to raise an old post.
After clearing the cipherspec from both ends of a sender/receiver channel pair on z/os qm (v9.0) - I can't restart the channel.
Is there a need to refresh ssl or something like that on z/OS?
CSQX558E is the error I get
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jan 12, 2023 9:44 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20745
Location: LI,NY
|
| zpat wrote: |
Sorry to raise an old post.
After clearing the cipherspec from both ends of a sender/receiver channel pair on z/os qm (v9.0) - I can't restart the channel.
Is there a need to refresh ssl or something like that on z/OS?
CSQX558E is the error I get |
Make sure the channel is stopped and not idle (on both ends). Then verify address and port are reachable and restart the channel, starting with the receiver, then the sender.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Jan 12, 2023 11:41 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5865
Location: UK
|
Thanks, not often that I would think to start the receiver channel by hand.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Jan 13, 2023 1:57 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20745
Location: LI,NY
|
| zpat wrote: |
| Thanks, not often that I would think to start the receiver channel by hand. |
You need to stop the channel to make it take the change. Including the receiver channel. If you just leave it inactive you are not implementing the change...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| hughson |
| Posted: Sun Jan 15, 2023 7:32 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1951
Location: Bay of Plenty, New Zealand
|
| zpat wrote: |
After clearing the cipherspec from both ends of a sender/receiver channel pair on z/os qm (v9.0) - I can't restart the channel.
Is there a need to refresh ssl or something like that on z/OS?
CSQX558E is the error I get |
Error message CSQX558E is just telling you that the receiver end is (most likely) stopped. Check the error messages at the receiver end to see exactly the reason for the problem. This is nothing to do with SSL, probably just you stopped the receiver and thus put it into STATUS(STOPPED).
Remember that you can use STOP CHANNEL(chl-name) STATUS(INACTIVE) MODE(FORCE) to immediately stop a receiver channel, but leave it capable to being restarted by a sender again next time it needs to be.
There is no need to make sure the channel is STATUS(STOPPED) at both ends before restarting them again. Just make sure the channel is not running - STATUS(INACTIVE) is not running, and then start it up again.
If you have a receiver channel in STATUS(STOPPED) you can re-enable it again with either of the following commands issued against the RECEIVER channel:-
START CHANNEL(chlname)
or
STOP CHANNEL(chlname) STATUS(INACTIVE)
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| Liand1 |
| Posted: Sat Mar 02, 2024 6:55 am Post subject: |
|
|
Newbie
Joined: 02 Mar 2024
Posts: 3
|
To remove SSL (Secure Sockets Layer) from a channel, you would typically follow these steps:
Access Channel Settings: Log in to your server or application where the SSL is configured for the channel. Navigate to the settings or configuration menu for the specific channel you want to modify.
Locate SSL Configuration: Look for the section or option related to SSL configuration for the channel. This could be labeled as "SSL Settings," "Security Settings," or something similar, depending on the platform you're using.
Disable SSL: Within the SSL configuration settings, there should be an option to disable or turn off SSL for the channel. This may be represented by a checkbox, toggle switch, or dropdown menu.
Save Changes: Once you've disabled SSL for the channel, be sure to save the changes. This usually involves clicking a "Save" or "Apply" button within the settings interface.
Restart Channel (if necessary): Depending on the application or server configuration, you may need to restart the channel or the entire application for the changes to take effect. This step ensures that the channel operates without SSL after it's been disabled.
Test the Channel: After disabling SSL, it's essential to test the channel to ensure that it's functioning correctly without SSL encryption. You can do this by attempting to access the channel through a web browser or application to verify that it's accessible and working as expected.
By following these steps, you can successfully remove SSL from a channel, thereby allowing communication to occur without encryption. However, be sure to consider the security implications of disabling SSL, as it may expose sensitive data to potential risks if transmitted over unencrypted channels. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Wed Mar 06, 2024 3:21 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2536
Location: Melbourne, Australia
|
Hi Liand1,
That's a thoughtful and detailed reply, but this process really only applies to a MQ Client application that has built-in capability to configure the CLNTCONN channel connection (rather than relying on mqclient.ini, CCDT, environment variables etc.).
If SSL/TLS is being used on MQ sender/receiver etc. channels, the process will be to use the MQ administration tools (runmqsc, ISPF, MO71 etc) to reconfigure and restart the channels, not what you stated.
Restarting the channel is necessary, as any running channel has its own copy of the channel configuration, and runs with those settings.
If the channel is not running (ie. its inactive) at the time of the change, the changes will take effect next time the channel starts.
_________________
Glenn |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Mar 06, 2024 5:59 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9444
Location: US: west coast, almost. Otherwise, enroute.
|
I figured Liand1 was an AI-generated post.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Thu Mar 07, 2024 2:05 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2536
Location: Melbourne, Australia
|
| bruce2359 wrote: |
| I figured Liand1 was an AI-generated post. |
So did I, but it seemed to be quite factual, whereas other AI generated posts by new users were basically regurgitated rubbish.
@Liand1, do you care to introduce yourself to the forum?
_________________
Glenn |
|
| Back to top |
|
|
|
|
