IBM Support

XX00223: MQ MANAGED FILE TRANSFER PLUGIN FOR MQ EXPLORER CANNOT CONNECT TO A COORDINATION QUEUE MANAGER CONFIGURED TO USE SSL

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The WebSphere MQ Managed File Transfer (MFT) version 8 Explorer
plug-in
(for a local MFT configuration) cannot connect to a coordination
queue manager configured with SSL, using a signed certificate
for the queue manager,
even though the client truststore location and password have
been specified.

The error reported to the user is:

Connection to null on 'host_name>' failed
BFGCI0009E: Password not defined in the MQMFT credentials file
for truststore

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
This issue affects users of the WebSphere MQ v8 Managed File
Transfer (MFT) Explorer plug-in who create a local MFT
configuration and:

 - use SSL to connect to a remote WebSphere MQ MFT coordination
queue manager that has been added to the WebSphere MQ Explorer
which has a trusted certificate store SSL key repository
configured to hold SSL certificates for trusted queue managers.

 and/or

 - use SSL to connect to a remote WebSphere MQ MFT command queue
manager that has been added to the WebSphere MQ Explorer which
has a trusted certificate store SSL key repository configured to
hold SSL certificates for trusted queue managers.



Platforms affected:
Linux on x86-64, Linux on x86, Windows

****************************************************************
PROBLEM DESCRIPTION:
When the WebSphere MQ Managed File Transfer (MFT) v8 Explorer
plug-in attempted to connect a local MFT configuration to a
remote coordination queue manager using SSL, the connection
attempt would fail because the MFT v8 Explorer plug-in used the
password configured for the personal certificate store
configured for the remote queue manager instead of the intended
trusted certificate store.

An attempt by the WebSphere MQ MFT v8 Explorer plug-in to
connect to an MFT command queue manager, to submit new file
transfer requests for example, that was also configured to use
SSL would also fail for the same reason.

The WebSphere MQ v8 Managed File Transfer (MFT) Explorer plug-in
would also use an incorrect password when attempting to access
the personal certificate store in the scenario where the user
disabled password saving in the WebSphere MQ Explorer and was
instead prompted to enter the password when required. When this
occurred, the WebSphere MQ v8 Managed File Transfer (MFT)
Explorer plug-in attempted to use either a blank password or the
trusted store password, as entered by a user after being
prompted, when attempting to access the personal certificate
store.

    



Problem conclusion


    

  • The WebSphere MQ Managed File Transfer (MFT) v8 Explorer plug-in
code has been updated such that the password configured for
trusted certificate store associated with the remote
coordination and/or command queue manager is used to access this
SSL key repository when establishing remote SSL connections.

In addition, the code has also been updated such that the
personal certificate store password that is entered by a user
when prompted, when password saving is disabled, is the one that
is used to access toed to access the personal certificate store
SSL key repository.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v8.0       8.0.0.1

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    XX00223
    • 

  • Reported component name
    WEBSPHERE MQ V8
    • 

  • Reported component ID
    5724H7250
    • 

  • Reported release
    800
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-08-12
    • 

  • Closed date
    2014-09-11
    • 

  • Last modified date
    2014-09-11
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBSPHERE MQ V8
    • 

  • Fixed component ID
    5724H7250
    • 



Applicable component levels


    

  • R800  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 September 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback