Topic
  • 6 replies
  • Latest Post - ‏2017-02-15T15:47:43Z by GabrielOrrego
SystemAdmin
SystemAdmin
8523 Posts

Pinned topic SSL on Windows/AIX

‏2006-03-31T17:45:25Z |
I have developed an MQ client using base java on Windows in RAD. Final product to be deployed on AIX. I now have to implement SSL. I have recieved a certificate from the MQ server (type .p12), but need to know how to install on client. Up to this point I have not had to install any MQ software, as java only uses the client jar file provided by the server. I found an IKEYMAN.bat file (in RAD\runtimes\base_v51\bin)which I attempted to use to create a Key Database File (type CMS, per MQ Admin Guide). I get a warning "The CMS Java native library was not found. Please make sure the SSL component required by your product is intalled and the library path is defined correctly". I have MQSSLKEYR environment variable defined.

Is there something I need to install on my Windows XP so that I can get the certificate installed and usable by my MQClient? Will need to do the same for AIX production system. Any help is greatly appreciated.
Updated on 2006-04-14T14:59:34Z at 2006-04-14T14:59:34Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: SSL on Windows/AIX

    ‏2006-04-03T10:10:53Z  
    frankiew@us.ibm.com wrote:
    > I have developed an MQ client using base java on Windows in RAD. Final product to be deployed on AIX. I now have to implement SSL. I have recieved a certificate from the MQ server (type .p12), but need to know how to install on client. Up to this point I have not had to install any MQ software, as java only uses the client jar file provided by the server. I found an IKEYMAN.bat file (in RAD\runtimes\base_v51\bin)which I attempted to use to create a Key Database File (type CMS, per MQ Admin Guide). I get a warning "The CMS Java native library was not found. Please make sure the SSL component required by your product is intalled and the library path is defined correctly". I have MQSSLKEYR environment variable defined.
    >
    > Is there something I need to install on my Windows XP so that I can get the certificate installed and usable by my MQClient? Will need to do the same for AIX production system. Any help is greatly appreciated.

    This article should help you.

    http://www-128.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html

    Alex.
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: SSL on Windows/AIX

    ‏2006-04-10T21:52:35Z  
    Thanks very much, this was just what I needed!! I now have a related problem. I got MQ client working on one system (with SSL) and now have to install on a second test system. This is also a Windows box, and I have installed the certificates on it as well. Things work fine from system 1 (even if I give path to certificates installed on system 2), but when I run on system 2, I get the following in the mq log:
    Thread: Servlet.Engine.Transports : 2 Class: SSLHelper creating SSL socket
    Thread: Servlet.Engine.Transports : 2, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
    MQJE013: Error accessing socket streams ==> MQException constructor(cc, rc, source, msgid, insrt)() entry
    Thread: Servlet.Engine.Transports : 2, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
    MQJE013: Error accessing socket streams javabase/com/ibm/mq/MQException.java, java, j5306, j5306-L031211 03/12/11 10:35:52 @(#) 1.50.1.1
    Is there something in the environment which has to be set in addition to what I'm setting in the code:
    System.setProperty("javax.net.ssl.trustStore",truststore);
    System.setProperty("javax.net.ssl.keyStore",keystore);
    System.setProperty("javax.net.ssl.keyStorePassword",keystorepassword);

    MQEnvironment.properties.put(MQC.SSL_CIPHER_SUITE_PROPERTY,CIPHERSUITE);
    (values are read from configuration file and seem OK based on my logging)

    Thanks for any help...I'm out of ideas.
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: SSL on Windows/AIX

    ‏2006-04-11T11:13:05Z  
    Thanks very much, this was just what I needed!! I now have a related problem. I got MQ client working on one system (with SSL) and now have to install on a second test system. This is also a Windows box, and I have installed the certificates on it as well. Things work fine from system 1 (even if I give path to certificates installed on system 2), but when I run on system 2, I get the following in the mq log:
    Thread: Servlet.Engine.Transports : 2 Class: SSLHelper creating SSL socket
    Thread: Servlet.Engine.Transports : 2, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
    MQJE013: Error accessing socket streams ==> MQException constructor(cc, rc, source, msgid, insrt)() entry
    Thread: Servlet.Engine.Transports : 2, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
    MQJE013: Error accessing socket streams javabase/com/ibm/mq/MQException.java, java, j5306, j5306-L031211 03/12/11 10:35:52 @(#) 1.50.1.1
    Is there something in the environment which has to be set in addition to what I'm setting in the code:
    System.setProperty("javax.net.ssl.trustStore",truststore);
    System.setProperty("javax.net.ssl.keyStore",keystore);
    System.setProperty("javax.net.ssl.keyStorePassword",keystorepassword);

    MQEnvironment.properties.put(MQC.SSL_CIPHER_SUITE_PROPERTY,CIPHERSUITE);
    (values are read from configuration file and seem OK based on my logging)

    Thanks for any help...I'm out of ideas.
    frankiew@us.ibm.com wrote:
    > Thanks for any help...I'm out of ideas.

    Reason code 2059 is "Queue Manager Not Available". Since it works
    locally but not remotely, I recommend that you double-check that you
    have started your listener.

    Regards,

    Phil Willoughby
    Software Engineer (Development)
    IBM Message Service Clients for C/C++
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: SSL on Windows/AIX

    ‏2006-04-11T15:16:55Z  
    frankiew@us.ibm.com wrote:
    > Thanks for any help...I'm out of ideas.

    Reason code 2059 is "Queue Manager Not Available". Since it works
    locally but not remotely, I recommend that you double-check that you
    have started your listener.

    Regards,

    Phil Willoughby
    Software Engineer (Development)
    IBM Message Service Clients for C/C++
    Figured out the problem. There is a "HTTP SSL" service, which apparently needs to be running. When the box was rebooted, it wasn't started. Starting the service, and re-starting the WAS server fixed the problem.
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: SSL on Windows/AIX

    ‏2006-04-14T14:59:34Z  
    Figured out the problem. There is a "HTTP SSL" service, which apparently needs to be running. When the box was rebooted, it wasn't started. Starting the service, and re-starting the WAS server fixed the problem.
    I need to know how to translate this to AIX. Our apps will be running under WAS on an AIX box for production. I don't see any http processes running on the system. Should there be something there, and how do I start? Also, I noticed there are some SSL config parms in WAS admin under security (for truststore, keystore, etc). Do these need to be set or will the settings in my java code override? Thanks for any help....again.
  • GabrielOrrego
    GabrielOrrego
    1 Post

    Re: SSL on Windows/AIX

    ‏2017-02-15T15:47:43Z  
    Figured out the problem. There is a "HTTP SSL" service, which apparently needs to be running. When the box was rebooted, it wasn't started. Starting the service, and re-starting the WAS server fixed the problem.

    hello SystemAdmin, 


    Thanks for you help.  I can't Rebooted, Maybe you know which  "HTTP SSL" name service ,has to be Running ?

    Thank you!

     

     

    Updated on 2017-02-15T21:23:02Z at 2017-02-15T21:23:02Z by GabrielOrrego