| Author |
Message
|
| bronsonlg |
 Posted: Tue Nov 06, 2018 1:40 pm Post subject: amqsputc SSL connection failing at Sample AMQSPUT0 start |
 |
|
Newbie
Joined: 06 Nov 2018
Posts: 3
|
Currently stumped here with client SSL connection to QM...
trying to amqsputc QUEUE1 QM1
results are
amqsputc QUEUE1 QM1
Sample AMQSPUT0 start
** Never get target reference "target queue is QUEUE1"
just hangs at Sample AMQSPUT0 start.... Any ideas?
Remove the SSLCIPH value and all works fine.
Here are my details:
CHANNEL(SSL.CHANNEL) CHLTYPE(SVRCONN)
ALTDATE(2018-11-06) ALTTIME(15.22.45)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER(mqm) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
CHANNEL(SSL.CHANNEL) CHLTYPE(CLNTCONN)
AFFINITY(PREFERRED) ALTDATE(2018-11-06)
ALTTIME(15.22.46) CERTLABL( )
CLNTWGHT(0) COMPHDR(NONE)
COMPMSG(NONE)
CONNAME(hostname.company.com(1420))
DEFRECON(NO) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME(QM1) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)
SSLPEER( ) TPNAME( )
TRPTYPE(TCP) USERID( )
CCDT is copied to client host.
Env variables set to the following:
PATH=$PATH:$HOME/.local/bin:$HOME/bin:/apps/opt/mqm/samp/bin
unset MQSERVER
export MQCHLLIB="/home/mqm/client_test/"
export MQCHLTAB=AMQCLCHL.TAB
export MQSSLKEYR="/home/mqm/client_test/key"
-rwxrwxrwx 1 mqm mqm 8400 Nov 6 15:27 AMQCLCHL.TAB
-rwxrwxr-x 1 mqm mqm 88 Nov 6 11:46 key.crl
-rwxrwxr-x 1 mqm mqm 10088 Nov 6 11:46 key.kdb
-rwxrwxr-x 1 mqm mqm 5088 Nov 6 11:46 key.rdb
-rwxrwxr-x 1 mqm mqm 129 Nov 6 11:46 key.sth |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Nov 06, 2018 2:32 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9486
Location: US: west coast, almost. Otherwise, enroute.
|
And you did a refresh security type ssl? Or restarted the qmgr?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| hughson |
| Posted: Tue Nov 06, 2018 3:12 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1967
Location: Bay of Plenty, New Zealand
|
Is the channel running on the queue manager:-
| Code: |
| DISPLAY CHSTATUS(SSL.CHANNEL) STATUS SUBSTATE |
What does SUBSTATE show. I expect SSLHANDSK.
Do you have OCSP checking on, and unable to reach the target URL in the certificate? A regular causer of SSL/TLS channels hanging in a handshake.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| bronsonlg |
| Posted: Wed Nov 07, 2018 4:33 am Post subject: |
|
|
Newbie
Joined: 06 Nov 2018
Posts: 3
|
| bruce2359 wrote: |
| And you did a refresh security type ssl? Or restarted the qmgr? |
Yes Both |
|
| Back to top |
|
|
| bronsonlg |
| Posted: Wed Nov 07, 2018 4:35 am Post subject: |
|
|
Newbie
Joined: 06 Nov 2018
Posts: 3
|
| hughson wrote: |
Is the channel running on the queue manager:-
| Code: |
| DISPLAY CHSTATUS(SSL.CHANNEL) STATUS SUBSTATE |
What does SUBSTATE show. I expect SSLHANDSK.
Do you have OCSP checking on, and unable to reach the target URL in the certificate? A regular causer of SSL/TLS channels hanging in a handshake.
Cheers,
Morag |
DIS CHS results:
AMQ8420: Channel Status not found.
qm.ini snip
SSL:
OCSPAuthentication=OPTIONAL
OCSPCheckExtensions=NO |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Nov 07, 2018 5:28 am Post subject: Re: amqsputc SSL connection failing at Sample AMQSPUT0 start |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9486
Location: US: west coast, almost. Otherwise, enroute.
|
What version/release/mod of MQ on client? Server?
What errors in the MQ client-side ERRORS directory/folder?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Nov 07, 2018 9:02 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1967
Location: Bay of Plenty, New Zealand
|
| bronsonlg wrote: |
| hughson wrote: |
Is the channel running on the queue manager:-
| Code: |
| DISPLAY CHSTATUS(SSL.CHANNEL) STATUS SUBSTATE |
What does SUBSTATE show. I expect SSLHANDSK. |
DIS CHS results:
AMQ8420: Channel Status not found. |
That is very odd. If your channel is not even running while your sample application sits in this state ....
| bronsonlg wrote: |
trying to amqsputc QUEUE1 QM1
results are
amqsputc QUEUE1 QM1
Sample AMQSPUT0 start
** Never get target reference "target queue is QUEUE1"
just hangs at Sample AMQSPUT0 start |
... then that means the connection has not made it to the queue manager (otherwise you would see a SVRCONN channel in STATUS(BINDING) and some SUBSTATE.
Normally with no visible evidence of the connection at the queue manager and I would be telling to check your hostname etc. However you say:-
| bronsonlg wrote: |
| Remove the SSLCIPH value and all works fine. |
Could you describe how you remove the SSLCIPH value?
| bronsonlg wrote: |
| hughson wrote: |
| Do you have OCSP checking on, and unable to reach the target URL in the certificate? A regular causer of SSL/TLS channels hanging in a handshake. |
qm.ini snip
SSL:
OCSPAuthentication=OPTIONAL
OCSPCheckExtensions=NO |
What about in your mqclient.ini file? The client side of the connection could also be doing OCSP.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
