| Author |
Message
|
| zhaider |
 Posted: Fri Oct 30, 2015 9:21 am Post subject: |
 |
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| Vitor wrote: |
| zhaider wrote: |
| I too think that there's some kind of issue with HTTPS end point and not the SSL configuration. The browser instantaneously displays the page not found error. |
Well one thing occurs to me:
If this bar file is their working application, why are there 2 different URLs exposed? |
Do you think it might be possible that they ran this command on a different execution group on which a different app is deployed? I think that could be possible. |
|
| Back to top |
|
 |
| Vitor |
| Posted: Fri Oct 30, 2015 9:28 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zhaider wrote: |
| Do you think it might be possible that they ran this command on a different execution group on which a different app is deployed? I think that could be possible. |
I think the need to ask this question calls into question your testing methodology and what the "working" set up is. You can't trust their assertion that "it works just fine" if they don't even know which execution group it runs in.
I repeat my advice to generate your own test application and use that.
I repeat my advice to get that working as a valid end point before considering your SSL configuration.
Or to spell it out, I recommend you get to a point where you receive an SSL error rather than a page not found error before trying to diagnose any SSL problems.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| zhaider |
| Posted: Fri Oct 30, 2015 9:38 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| Vitor wrote: |
| zhaider wrote: |
| Do you think it might be possible that they ran this command on a different execution group on which a different app is deployed? I think that could be possible. |
I think the need to ask this question calls into question your testing methodology and what the "working" set up is. You can't trust their assertion that "it works just fine" if they don't even know which execution group it runs in.
I repeat my advice to generate your own test application and use that.
I repeat my advice to get that working as a valid end point before considering your SSL configuration.
Or to spell it out, I recommend you get to a point where you receive an SSL error rather than a page not found error before trying to diagnose any SSL problems. |
I agree with you wholeheartedly that I should have generated my own application and then use it to test. The problem is I don't have a development environment or toolkit of my own SO I have to rely on the other department to provide me with the Test apps. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Oct 30, 2015 9:58 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zhaider wrote: |
| The problem is I don't have a development environment or toolkit of my own SO I have to rely on the other department to provide me with the Test apps. |
See here. Developer Edition is free; all you need is somewhere to run it (I would theorize that wherever you're running the browser from is a candidate).
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| zhaider |
| Posted: Fri Oct 30, 2015 10:07 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| I know about it. But there's some issue with the IBM's site, at least for Pakistan it has. The link tells me of IIB 9 but I always ends up getting the Message Broker 8. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Oct 30, 2015 12:42 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20767
Location: LI,NY
|
Looking at the link you referenced:
| Quote: |
1. Configure the SSL protocol
First tell the EG which SSL protocol type are using. SSLv3 is the default SSL protocol.
mqsichangeproperties BROKER1 -e <EG Name> -o HTTPSConnector -n sslProtocol -v SSLv3 |
I do hope you realize this is quite ancient now and that SSLv3 is no longer supported (out of the box)?
Like I said look up the procedure for V9 in the infocenter. If you still have a problem after that post again. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zhaider |
| Posted: Fri Nov 06, 2015 4:38 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| Vitor wrote: |
| zhaider wrote: |
| The problem is I don't have a development environment or toolkit of my own SO I have to rely on the other department to provide me with the Test apps. |
See here. Developer Edition is free; all you need is somewhere to run it (I would theorize that wherever you're running the browser from is a candidate). |
Okay, I now tried with the sample Temperature Conversion service but the problem persists. |
|
| Back to top |
|
|
| zhaider |
| Posted: Fri Nov 06, 2015 4:41 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| fjb_saper wrote: |
Looking at the link you referenced:
| Quote: |
1. Configure the SSL protocol
First tell the EG which SSL protocol type are using. SSLv3 is the default SSL protocol.
mqsichangeproperties BROKER1 -e <EG Name> -o HTTPSConnector -n sslProtocol -v SSLv3 |
I do hope you realize this is quite ancient now and that SSLv3 is no longer supported (out of the box)?
Like I said look up the procedure for V9 in the infocenter. If you still have a problem after that post again. |
I pretty much tried everything and every procedure I found to enable SSL on Message Broker and I'm still getting this issue.
Repeated the steps 4-5 times now. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Nov 06, 2015 5:37 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20767
Location: LI,NY
|
Enabling SSL on IIB will not enable SSLV3. Try TLS...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zhaider |
| Posted: Fri Nov 06, 2015 6:27 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| fjb_saper wrote: |
| Enabling SSL on IIB will not enable SSLV3. Try TLS... |
I even tried with TLS, still getting the same issue. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Nov 06, 2015 7:13 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zhaider wrote: |
| I even tried with TLS, still getting the same issue. |
Do you mean by this that you're still getting the page not found error which I indicated quite a while back wasn't an SSL configuration problem but an application problem?
Or do you mean a different same issue?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| zhaider |
| Posted: Fri Nov 06, 2015 11:44 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2015
Posts: 40
|
| Vitor wrote: |
| zhaider wrote: |
| I even tried with TLS, still getting the same issue. |
Do you mean by this that you're still getting the page not found error which I indicated quite a while back wasn't an SSL configuration problem but an application problem?
Or do you mean a different same issue? |
Yes, I'm still getting the page not found error. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Nov 06, 2015 11:48 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| zhaider wrote: |
| Yes, I'm still getting the page not found error. |
An MQ queue manager never returns that error.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Nov 06, 2015 12:04 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zhaider wrote: |
| Vitor wrote: |
| zhaider wrote: |
| I even tried with TLS, still getting the same issue. |
Do you mean by this that you're still getting the page not found error which I indicated quite a while back wasn't an SSL configuration problem but an application problem?
Or do you mean a different same issue? |
Yes, I'm still getting the page not found error. |
Then you're still in a position where you're not getting to the exposed endpoint, so sequence dialing through SSL configurations and switching from SSLv3 to TLS will not help because you're not getting as far as trying to perform an SSL handshake with anything.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Nov 06, 2015 12:05 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| zhaider wrote: |
| Yes, I'm still getting the page not found error. |
An MQ queue manager never returns that error. |
And a broker (which the OP is trying to contact) doesn't either.
I keep trying to tell the OP that he's not got the problem he thinks he has, but he doesn't believe me.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
