IBM Support

XX00223: MQ MANAGED FILE TRANSFER PLUGIN FOR MQ EXPLORER CANNOT CONNECT TO A COORDINATION QUEUE MANAGER CONFIGURED TO USE SSL

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The WebSphere MQ Managed File Transfer (MFT) version 8 Explorer
    plug-in
    (for a local MFT configuration) cannot connect to a coordination
    queue manager configured with SSL, using a signed certificate
    for the queue manager,
    even though the client truststore location and password have
    been specified.
    
    The error reported to the user is:
    
    Connection to null on 'host_name>' failed
    BFGCI0009E: Password not defined in the MQMFT credentials file
    for truststore
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects users of the WebSphere MQ v8 Managed File
    Transfer (MFT) Explorer plug-in who create a local MFT
    configuration and:
    
     - use SSL to connect to a remote WebSphere MQ MFT coordination
    queue manager that has been added to the WebSphere MQ Explorer
    which has a trusted certificate store SSL key repository
    configured to hold SSL certificates for trusted queue managers.
    
     and/or
    
     - use SSL to connect to a remote WebSphere MQ MFT command queue
    manager that has been added to the WebSphere MQ Explorer which
    has a trusted certificate store SSL key repository configured to
    hold SSL certificates for trusted queue managers.
    
    
    
    Platforms affected:
    Linux on x86-64, Linux on x86, Windows
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    When the WebSphere MQ Managed File Transfer (MFT) v8 Explorer
    plug-in attempted to connect a local MFT configuration to a
    remote coordination queue manager using SSL, the connection
    attempt would fail because the MFT v8 Explorer plug-in used the
    password configured for the personal certificate store
    configured for the remote queue manager instead of the intended
    trusted certificate store.
    
    An attempt by the WebSphere MQ MFT v8 Explorer plug-in to
    connect to an MFT command queue manager, to submit new file
    transfer requests for example, that was also configured to use
    SSL would also fail for the same reason.
    
    The WebSphere MQ v8 Managed File Transfer (MFT) Explorer plug-in
    would also use an incorrect password when attempting to access
    the personal certificate store in the scenario where the user
    disabled password saving in the WebSphere MQ Explorer and was
    instead prompted to enter the password when required. When this
    occurred, the WebSphere MQ v8 Managed File Transfer (MFT)
    Explorer plug-in attempted to use either a blank password or the
    trusted store password, as entered by a user after being
    prompted, when attempting to access the personal certificate
    store.
    

Problem conclusion

  • The WebSphere MQ Managed File Transfer (MFT) v8 Explorer plug-in
    code has been updated such that the password configured for
    trusted certificate store associated with the remote
    coordination and/or command queue manager is used to access this
    SSL key repository when establishing remote SSL connections.
    
    In addition, the code has also been updated such that the
    personal certificate store password that is entered by a user
    when prompted, when password saving is disabled, is the one that
    is used to access toed to access the personal certificate store
    SSL key repository.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    XX00223

  • Reported component name

    WEBSPHERE MQ V8

  • Reported component ID

    5724H7250

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-08-12

  • Closed date

    2014-09-11

  • Last modified date

    2014-09-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE MQ V8

  • Fixed component ID

    5724H7250

Applicable component levels

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
11 September 2014