Clever Geek Handbook

How to connect from a client to IBM WebSphere Queue Manager using an SSL connection

I followed all the steps closely to create keystore, client certificate, server
  using the following videos:

**"Configuring WMQ Explorer for TLS (Part1, Part2, Part3, Part4) as below".**
Part 1: WMQ Explorer TLS 1 of 4: Create the QMgr KDB and certificate**
Part 2: WMQ Explorer TLS 2 of 4: Create the user JKS and certificate
Part 3: WMQ Explorer TLS 3 of 4: Configure WMQ Explorer preferences
Part 4: WMQ Explorer TLS 4 of 4: Connecting

I am now trying to connect from IBM Websphere MQ Client (V7.5.0.3) to IBM WebSphere MQ
  Server (V7.5.0.2) server queue manager using SSL.

From the IBM WebSphere MQ Explorer (Client Side) : 

a) Provided the Queue Manager Name : jmsdemo
b) Selected the radio-button "Connect directly"
c) Hostname or IP Address :  Server IP
d) Port number : Server Port of the Queue Manager that i am trying to connect.
e) Server-connection channel : Server Connection Channel 
  (This server connection channel has below parameters
  MCA --> MUSR_MQADMIN
  SSL --> SSL Cipher Spec : "TLS_RSA_WITH_AES_128_CBC_SHA256"
  SSL Authentication : Required

f) After finishing all the steps, when i press the "Finish" Button. I am getting the below    
errors.

Please let me know if i missing/doing something wrong in-order to connect to SSL?

Links:

a) Below is the error in the user interface (IBM WebSphere MQ Explorer client):

The jmsdemo queue manager is not available for client connection due to SSL configuration error.
  (AMQ4199) jmsdemo queue manager is not available for client connection due to SSL configuration error. (AMQ4199) Severity: 30 (serious error) Explanation: A user is trying to connect to a remote queue manager using a secure connection. Answer. Check the SSL configuration of the target queue manager and local SSL trust store.

b) Below error information is retrieved error file "AMQERR01" (server side)

https://docs.google.com/document/d/19b-N4qc0zXw4HiwZv5pmmeixqeClDDHgWpylalkHhqY/edit#

Thanks JK

+3


source to share


1 answer


This error AMQ9660: SSL key repository: password stash file absent or unusable

will most likely be caused by a corrupt postmark file. The stash file contains the password for the key repository. I suggest you follow these steps:

1) Go to the folder that contains the queue manager key store (.kdb file).

2) Find the stash (.sth) file of the key repository and delete it.

3) Then open the .kdb file in the "IBM Key Management Tool" with the current password.



4) After opening the kdb file, click "Key Database File → Stash Password". This will create the stitch file again.

5) (May be required): Then run REFRESH SECURITY TYPE(SSL)

for the queue manager c runmqsc

.

Then try to connect.

+2


source






More articles:


All Articles