IBM Support

PM96830: WMQ AFTER MIGRATION TO V710 CSQX636E IS GENERATED INDICATING THEDISTINGUISHED NAME DOES NOT MATCH THE SSLPEERNAME

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After migration to Version 7.1 SSL certification authentication
    may return with ' CSQX636E CSQXRCTL Distinguished name does not
    match peer name '.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 *
    *                 Release 1 Modification 0.                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: When using an SSLPEER channel attribute *
    *                      to restrict access to a channel,        *
    *                      distinguished name attributes           *
    *                      containing commas may prevent a channel *
    *                      from starting.                          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When using an SSL enabled channel and setting the SSLPEER
    attribute value to match a certificate whose distinguished name
    contains a comma in one of its attributes, MQ incorrectly treats
    the comma as a delimiter between DN attributes rather than
    treating it as a literal character as intended. This results in
    the channel failing to start with error CSQX636E being logged.
    

Problem conclusion

  • Parsing of SSL distinguished name attributes now takes embedded
    commas into account and permits them to be matched by the
    SSLPEER channel attribute.
    100Y
    CMQXRSSG
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM96830

  • Reported component name

    WMQ Z/OS V7

  • Reported component ID

    5655R3600

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2013-09-11

  • Closed date

    2013-12-04

  • Last modified date

    2014-03-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI13199

Modules/Macros

  • CMQXRSSG
    

Fix information

  • Fixed component name

    WMQ Z/OS V7

  • Fixed component ID

    5655R3600

Applicable component levels

  • R100 PSY UI13199

       UP14/02/05 P F402

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
03 March 2014