IBM Support

IT37745: AMQ9797E message might contain incorrect validation error code if local certificate validation fails

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • IBM MQ validates the local certificate as part of initializing
SSL/TLS capability. If this validation fails, an AMQ9797E
message is reported, which contains an internal validation error
code. This error code is always reported as 575001, regardless
of the reason for the validation failure.


AMQ9797E: Validation checks for the local personal certificate
with label
'qmgrcert' failed. The channel did not start.
EXPLANATION:
.....
More information may be available by issuing "-cert -validate"
against the
certificate using the certificate management tools supplied
with the product.
The certificate validation error was 575001.
ACTION:
Ensure that the system has a valid personal certificate and
restart the
channel.

Local fix

  • Use the "-cert -validate" option of runmqakm or runmqckm,
specifying the appropriate keystore and certificate label, to
obtain information on the nature of the certificate validation
failure.

Problem summary

  • ****************************************************************
USERS AFFECTED:
Users of IBM MQ TLS capability using a local certificate that
cannot be validated by IBM MQ's cryptographic provider.


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
A logic error meant that the validation error code was never
overridden from its default value of 575001 prior to insertion
into the AMQ9797E message.

Problem conclusion

  • In the event of a local certificate validation failure, the
correct error code is now obtained from the IBM MQ client or
queue manager's cryptographic provider and inserted into the
AMQ9797E message.

On receipt of this error, users should inspect the local
certificate using the certificate management tools provided with
IBM MQ to obtain further details of the validation failure, as
described in the AMQ9797E message.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.1 LTS   9.1.0.10
v9.2 LTS   9.2.0.4
v9.x CD    9.2.5

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT37745
    • 

  • Reported component name
    IBM MQ BASE MP
    • 

  • Reported component ID
    5724H7271
    • 

  • Reported release
    910
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-07-23
    • 

  • Closed date
    2021-11-05
    • 

  • Last modified date
    2021-11-05
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM MQ BASE MP
    • 

  • Fixed component ID
    5724H7271
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            06 November 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback