IBM Support

IC83494: WMQ V7.1: JMS CLIENT CONNECTION VIA SSL ENABLED CHANNEL FAILS WITH RC 2399 MQRC_SSL_PEER_NAME_ERROR.


APAR status

  • Closed as program error.

Error description

  • A WebSphere MQ classes for Java Message Service (JMS) or
    WebSphere MQ classes for Java client application tries to make a
    connection to a queue manager secured with SSL/TLS. This fails
    with a JMSException, with reason code MQRC_SSL_PEER_NAME_ERROR.
    The exception is similar to:
    
    JMSWMQ0018: "Failed to connect to queue manager 'QMNAME' with
    connection mode '1' and host name 'servername(port#)'."  The
    linked exception reports WMQ reason code 2399
    MQRC_SSL_PEER_NAME_ERROR and error AMQ9640: SSL invalid peer
    name, channel '?', attribute 'OID.2.5.4.17 (x2)'.
    
    The above error is seen when the SSL certificate's
    distinguished name (DN) includes one of the attributes:
    
    SERIALNUMBER
    MAIL
    E
    UID
    USERID
    DC
    STREET
    PC
    POSTALCODE
    UNSTRUCTUREDNAME
    UNSTRUCTUREDADDRESS
    DNQ
    

Local fix

  • Recreate the personal certificate used by the client
    application without specifying any of the optional attributes
    from the list above in the distinguished name (DN).
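
To find which client certificates need recreating, each subject DN can be checked against the attribute list above. The following is an added example, not IBM code: the function names and sample DNs are constructed, and the OID numbers are an assumption added here (the standard assignments for these attribute types), included because the error text reports an unrecognised attribute in the form 'OID.2.5.4.17'.

```python
# Added example, not IBM code. Names are the APAR's list; the OIDs are the standard
# X.520 / PKCS#9 / RFC 4519 assignments, matched in 'OID.<n>' and bare dotted form.
OIDS = {
    "2.5.4.5": ["SERIALNUMBER"],
    "0.9.2342.19200300.100.1.3": ["MAIL"],
    "1.2.840.113549.1.9.1": ["E"],
    "0.9.2342.19200300.100.1.1": ["UID", "USERID"],
    "0.9.2342.19200300.100.1.25": ["DC"],
    "2.5.4.9": ["STREET"],
    "2.5.4.17": ["PC", "POSTALCODE"],
    "1.2.840.113549.1.9.2": ["UNSTRUCTUREDNAME"],
    "1.2.840.113549.1.9.8": ["UNSTRUCTUREDADDRESS"],
    "2.5.4.46": ["DNQ"],
}
NAME_TO_OID = {n: oid for oid, names in OIDS.items() for n in names}

def attribute_types(dn):
    """Attribute type of each AVA; splits only on unquoted, unescaped , ; +"""
    avas, buf, quoted, escaped = [], [], False, False
    for ch in dn:
        if ch in ",;+" and not quoted and not escaped:
            avas.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
    avas.append("".join(buf))
    return [a.split("=", 1)[0].strip().upper() for a in avas if "=" in a]

def affected_attributes(dn):
    """Sorted APAR-listed attributes found in the DN (aliases joined by '/')."""
    hits = set()
    for t in attribute_types(dn):
        oid = NAME_TO_OID.get(t, t[4:] if t.startswith("OID.") else t)
        if oid in OIDS:
            hits.add("/".join(OIDS[oid]))
    return sorted(hits)

# Constructed sample DNs, not from any real certificate.
SAMPLES = [
    "CN=mqclient,O=Example,C=GB",
    "CN=mqclient,OID.2.5.4.17=AB1 2CD,STREET=1 Example Road,O=Example,C=GB",
    r"CN=Smith\, DC=decoy,O=Example",
]
```

An empty result means the DN uses none of the listed attributes; the third sample shows that an attribute name appearing inside an escaped value is not counted.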
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects users of:
    
    - The WebSphere MQ V7 classes for Java.
    - The WebSphere MQ V7 classes for JMS.
    - The WebSphere MQ V7 Resource Adapter.
    - The WebSphere Application Server V7 WebSphere MQ messaging
    provider.
    - The WebSphere Application Server V8 WebSphere MQ messaging
    provider.
    - The WebSphere Application Server V8.5 WebSphere MQ messaging
    provider.
    - The WebSphere Application Server V6.1 WebSphere MQ messaging
    provider who have configured the WebSphere variable
    MQ_INSTALL_ROOT to point to a WebSphere MQ V7 installation.
    
    attempting to secure connections to a queue manager using
    certificates with a Distinguished Name containing attributes
    from the list above.
    
    Platforms affected:
    All Distributed (iSeries, all Unix and Windows) +Java +Java zOS
    ****************************************************************
    PROBLEM SUMMARY:
    From WebSphere MQ version 7.1, the number of distinguished name
    attributes that could be specified in certificates being used to
    secure channel connections was increased. The WebSphere MQ
    classes for Java and JMS clients did not recognise these new
    attributes correctly, so any attempt to use certificates with
    these attributes caused the error seen above.
    

Problem conclusion

  • All distinguished name attributes referred to above can now be
    specified in certificates used to secure connections from
    WebSphere MQ Java and JMS clients to queue managers.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
                       v7.1
    Platform           Fix Pack 7.1.0.3
    --------           --------------------
    Windows            7.1.0.3
    AIX                7.1.0.3
    HP-UX (Itanium)    7.1.0.3
    Solaris (SPARC)    7.1.0.3
    Solaris (x86-64)   7.1.0.3
    iSeries            7.1.0.3
    Linux (x86)        7.1.0.3
    Linux (x86-64)     7.1.0.3
    Linux (zSeries)    7.1.0.3
    Linux (Power)      7.1.0.3
    zOS                7.1.0.3
    
    Platform           v7.5
    --------           --------------------
    Multiplatforms     7.5.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC83494

  • Reported component name

    WMQ WINDOWS V7

  • Reported component ID

    5724H7220

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-05-15

  • Closed date

    2012-10-19

  • Last modified date

    2014-02-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ WINDOWS V7

  • Fixed component ID

    5724H7220

Applicable component levels

  • R710 PSY UP


Document Information

Modified date:
20 September 2021