IBM Support

IV04684: WEBSPHEREMQ V7 SSL WITH CDPCHECKEXTENSIONS=YES REPORT AMQ9666 (RRCE_SSL_LDAP_NOT_AVAILABLE).

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When using SSL to secure channels in WebSphere MQ V7, and
    setting the attribute CDPCheckExtensions=YES in the qm.ini file
    the following error is generated when attempting to connect the
    channels.
    
    AMQ9666: Error accessing CRL LDAP servers; SSL channel
    'XXXXXXX.YYYYYYYYY'.
    
    The AMQ9666 error is not necessarily related to
    LDAP.
    
    No FDC files were generated.
    

Local fix

  • In the qm.ini, file set CDPCheckExtensions=NO
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    WMQ V7 user having certificate revocation list (CRL) setup as
    Online Certificate Status Protocol (OCSP) or
    CrlDistributionPoint (CDP).
    
    Platforms affected:
    Windows,All Unix
    
    ****************************************************************
    PROBLEM SUMMARY:
    WMQ uses default buffer size of 204800 bytes to accept a
    response from a HTTP Server when retrieving a CRL and 20480
    bytes to accept a response from a OCSP Responder. When the
    respective response exceeds the default value the channel fails
    to start giving errors like LDAP server not available, OCSP
    Response signature check fail or similar.
    

Problem conclusion

  • The default buffer size of OCSP and CDP has been increased in
    the WMQ code to cope up with the growing needs.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
                       v7.0
    Platform           Fix Pack 7.0.1.8
    --------           --------------------
    Windows            U200335
    AIX                U845856
    HP-UX (PA-RISC)    U847965
    HP-UX (Itanium)    U847970
    Solaris (SPARC)    U847966
    Solaris (x86-64)   U847972
    Linux (x86)        U847967
    Linux (x86-64)     U847971
    Linux (zSeries)    U847968
    Linux (Power)      U847969
    
                       v7.1
    Platform           Fix Pack 7.1.0.1
    --------           --------------------
    Windows            7.1.0.1
    AIX                7.1.0.1
    HP-UX (Itanium)    7.1.0.1
    Solaris (SPARC)    7.1.0.1
    Solaris (x86-64)   7.1.0.1
    Linux (x86)        7.1.0.1
    Linux (x86-64)     7.1.0.1
    Linux (zSeries)    7.1.0.1
    Linux (Power)      7.1.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV04684

  • Reported component name

    WMQ AIX V7

  • Reported component ID

    5724H7221

  • Reported release

    701

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-08-05

  • Closed date

    2012-01-27

  • Last modified date

    2012-01-31

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ AIX V7

  • Fixed component ID

    5724H7221

Applicable component levels

  • R701 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCPQ63","label":"APAR \/ Maintenance"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
31 January 2012