We are trying to connect to IBM MQ from RHEL 8.3 using .net core 3.1 application.
The same code runs ok on Windows- we are able to connect to QM.
We are facing an error that comes, as we believe, from openssl:
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094412:SSL routines:ssl3_read_bytes:sslv3 >alert bad certificate --- End of inner exception stack trace --- at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 >recvCount, Byte[]& sendBuf, Int32& sendCount) in >/_/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs:line 278
We can see that MQClient loaded certificates
00000157 12:30:07.116059 536167.15 -----------{ MQEncryptedSocket.MakeSecuredConnection()
00000158 12:30:07.116425 536167.15 Created an instance of SSLStreams
00000159 12:30:07.116466 536167.15 Setting current certificate store as 'User'
0000015A 12:30:07.116528 536167.15 Linux so use My & CurrentUser
0000015B 12:30:07.116542 536167.15 Created store object to access certificates 0000015C 12:30:07.116780 536167.15 Opened store
0000015D 12:30:07.116795 536167.15 Accessing certificate - ZZZZ
0000015E 12:30:07.230836 536167.15 Number of certificates in the store:5
0000015F 12:30:07.231092 536167.15 TLS12 supported - True
00000160 12:30:07.233622 536167.15 Setting SslProtol as Tls12
00000161 12:30:07.233652 536167.15 Starting SSL Authentication
We have unit test that verifies if cert of given subject exists in that store and it passes.
What we've done already:
var cert = x509Store2.Certificates.Find(X509FindType.FindBySubjectName, mockIbmMqOptions.MqCertificateLabel, true).Count;
x509Store2.Close();
x509Store2.Dispose();
Assert.True(cert > 0);
Any ideas?
Thank you @JoshMc based on this question we successfully managed to finish the handshake. I think this is a general solution for .net core on RHEL and IBM MQ Client libraries:
certificate-tool add