Fixes are available
APAR status
Closed as program error.
Error description
A WebSphere MQ classes for Java Message Service (JMS) or WebSphere MQ classes for Java client application tries to make a connection to a queue manager secured with SSL/TLS. This fails with a JMSException, with reason code MQRC_SSL_PEER_NAME_ERROR. The exception is similar to: JMSWMQ0018: "Failed to connect to queue manager 'QMNAME' with connection mode '1' and host name 'servername(port#)'." The liked exception reports WMQ reason code 2399 MQRC_SSL_PEER_NAME_ERROR and error AMQ9640: SSL invalid peer name, channel '?', attribute 'OID.2.5.4.17 (x2)'. The above error is seen when the SSL certificate's distinguished name (DN) includes one of the attributes: SERIALNUMBER MAIL E UID USERID DC STREET PC POSTALCODE UNSTRUCTUREDNAME UNSTRUCTUREDADDRESS DNQ
Local fix
Recreate the personal certificate used by the client application without specifying any of the optional attributes from the list above in the distinguished name (DN).
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of: - The WebSphere MQ V7 classes for Java. - The WebSphere MQ V7 classes for JMS. - The WebSphere MQ V7 Resource Adapter. - The WebSphere Application Server V7 WebSphere MQ messaging provider. - The WebSphere Application Server V8 WebSphere MQ messaging provider. - The WebSphere Application Server V8.5 WebSphere MQ messaging provider. - The WebSphere Application Server V6.1 WebSphere MQ messaging provider who have configured the WebSphere variable MQ_INSTALL_ROOT to point to a WebSphere MQ V7 installation. attempting to secure connections to a queue manager using certificates with a Distinguished Name containing attributes from the list above. Platforms affected: All Distributed (iSeries, all Unix and Windows) +Java +Java zOS **************************************************************** PROBLEM SUMMARY: From WebSphere MQ version 7.1, the number of distinguished name attributes that could be specified in certificates being used to secure channel connections was increased. The WebSphere MQ classes for Java and JMS clients did not recognise these new attributes correctly, so any attempt to use certificates with these attributes caused the error seen above.
Problem conclusion
All distinguished name attributes referred to above can now be specified in certificates used to secure connections from WebSphere MQ Java and JMS clients to queue managers. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: v7.1 Platform Fix Pack 7.1.0.3 -------- -------------------- Windows 7.1.0.3 AIX 7.1.0.3 HP-UX (Itanium) 7.1.0.3 Solaris (SPARC) 7.1.0.3 Solaris (x86-64) 7.1.0.3 iSeries 7.1.0.3 Linux (x86) 7.1.0.3 Linux (x86-64) 7.1.0.3 Linux (zSeries) 7.1.0.3 Linux (Power) 7.1.0.3 zOS 7.1.0.3 Platform v7.5 -------- -------------------- Multiplatforms 7.5.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IC83494
Reported component name
WMQ WINDOWS V7
Reported component ID
5724H7220
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-05-15
Closed date
2012-10-19
Last modified date
2014-02-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ WINDOWS V7
Fixed component ID
5724H7220
Applicable component levels
R710 PSY
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFKSJ","label":"WebSphere MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1"}]
Document Information
Modified date:
20 September 2021