Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
2 replies Latest Post - ‏2012-04-23T12:14:50Z by bpulito
SystemAdmin
SystemAdmin
45 Posts
ACCEPTED ANSWER

Pinned topic Q Program, Working with SSL, Windows XP

‏2012-04-21T22:03:05Z |
Hello,
I want to connect to QM using clients channel and SSL sertificate. I try the following command and get an error:

C:\WINDOWS>q -lmqic32 -mQM1 -iQ1 -xc
MQSeries Q Program by Paul Clarke V5.0.0 Build:Jul 15 2008
Enter Channel Name
MY
Enter Channel Type (NULL for CLNTCONN)
Enter Transport Type (NULL for TCP)
Enter connection name (NULL for localhost)
localhost(11111)
Do you want exits ?
n
Do you want SSL ?
y
Enter Cipher Spec NULL for RC4_SHA_US
NULL_MD5
Enter Key Repository (NULL for c:\mqm\key)
Enter CryptoHardware
Enter Authinfo Conn Name
Connecting ...failed.
MQCONNX on object 'QM1' returned 2538 Host Not Available.


But when I use the following command, everything works fine:
C:\WINDOWS>q -mQM1 -iQ1 -xc
MQSeries Q Program by Paul Clarke V5.0.0 Build:Jul 15 2008
Enter Channel Name
MY
Enter Channel Type (NULL for CLNTCONN)
Enter Transport Type (NULL for TCP)
Enter connection name (NULL for localhost)
localhost(11111)
Do you want exits ?
n
Do you want SSL ?
y
Enter Cipher Spec NULL for RC4_SHA_US
NULL_MD5
Enter Key Repository (NULL for c:\mqm\key)
Enter CryptoHardware
Enter Authinfo Conn Name
Connecting ...connected to 'QM1'.
111
No more messages.

Seems, the reason of the problem library mqic32.. Why I cannot connect using this library and SSL to QM? In error log I have records:

2012-04-18 13:48:10 - Process(3136.21) User(MUSR_MQADMIN) Program(amqrmppa.exe)
Host(VMWARE-WXP)
AMQ9660: SSL key repository: password stash file absent or unusable.

EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to
access it. Reasons giving rise to this error include:
(a) the key database file and password stash file are not present in the
location configured for the key repository,
(b) the key database file exists in the correct place but that no password
stash file has been created for it,
(c) the files are present in the correct place but the userid under which MQ is
running does not have permission to read them,
(d) one or both of the files are corrupt.

The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.

In the Internet I cannot find any explanation to this situation.
Thanks for help!!!
Updated on 2012-04-23T12:14:50Z at 2012-04-23T12:14:50Z by bpulito
  • SystemAdmin
    SystemAdmin
    45 Posts
    ACCEPTED ANSWER

    Re: Q Program, Working with SSL, Windows XP

    ‏2012-04-22T01:45:58Z  in response to SystemAdmin
    I set next environment variable:

    GMQ_MQ_LIB=mqic32.dll
    MQSSLKEYR=c:\mqm\qutil
    MQ_CONNECT_TYPE=CLIENT

    I connect to QM on the local machine
  • bpulito
    bpulito
    23 Posts
    ACCEPTED ANSWER

    Re: Q Program, Working with SSL, Windows XP

    ‏2012-04-23T12:14:50Z  in response to SystemAdmin
    This is not a SIP or CEA related issue and is posted to the wrong forum. This looks like an MQ question, not sure where you should go with this but I would look for a more general purpose WAS forum. Here is a good place to start:
    http://www.ibm.com/developerworks/forums/wsdd_forums.jspa