I have a .NET Core application that puts messages on an IBM message queue. The connection is a secure SSL connection with cipherspec TLS_RSA_WITH_AES_256_CBC_SHA256. I am using the sample application from the IBM .NET Core client for managed code. When I run the code normally on my computer in Visual Studio debug, it works on Windows.

I have the certs in the Dockerfile:

```dockerfile
COPY ["myCAcert.crt", "/usr/local/share/ca-certificates/" ]
RUN update-ca-certificates;
```

However, the code fails when running from a Linux Docker container; I used dotnet/core/aspnet:3.1-buster-slim in my Dockerfile. I used telnet to check whether the host is reachable, and it is. I don't know why I get this error in the container.
```csharp
using System;
using System.Collections;
using IBM.WMQ;

// Fields and method of the sample class (class declaration not shown in the post)
private String hostName = "151.156.191.22";
private int port = 1414;
private String channelName = "CHANNELA";
private String queueManagerName = "MYQUEUE";
private String queueName = "MYQUEUENAME";
private String userName = "s1user";
private String password = "123tfdfa";
private const String messageString = "test message";
private int numberOfMsgs = 1;
private String sslKeyRepository = "*USER";
private String cipherSpec = "TLS_RSA_WITH_AES_256_CBC_SHA256";
private String sslPeerName = null;
private int keyResetCount = 0;
private Boolean sslCertRevocationCheck = false;
private MQQueueManager queueManager;
private MQQueue queue;
private Hashtable properties;
private MQMessage message;

void PutMessages()
{
    try
    {
        // mq properties
        properties = new Hashtable();
        properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
        properties.Add(MQC.HOST_NAME_PROPERTY, hostName);
        properties.Add(MQC.PORT_PROPERTY, port);
        properties.Add(MQC.CHANNEL_PROPERTY, channelName);
        properties.Add(MQC.USER_ID_PROPERTY, userName);
        properties.Add(MQC.PASSWORD_PROPERTY, password);

        // TLS settings are only added when they have a non-default value
        if (sslKeyRepository != null)
        {
            properties.Add(MQC.SSL_CERT_STORE_PROPERTY, sslKeyRepository);
        }
        if (cipherSpec != null)
        {
            properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, cipherSpec);
        }
        if (sslPeerName != null)
        {
            properties.Add(MQC.SSL_PEER_NAME_PROPERTY, sslPeerName);
        }
        if (keyResetCount != 0)
        {
            properties.Add(MQC.SSL_RESET_COUNT_PROPERTY, keyResetCount);
        }
        if (sslCertRevocationCheck != false)
        {
            MQEnvironment.SSLCertRevocationCheck = sslCertRevocationCheck;
        }

        // The connection (and the TLS handshake) happens in this constructor
        queueManager = new MQQueueManager(queueManagerName, properties);
        // (rest of the sample, which opens the queue and puts the messages, is not shown in the post)
    }
    catch (MQException mqe)
    {
        // Prints the reason code and text, as in the output below
        Console.WriteLine("MQException caught: {0} - {1}", mqe.ReasonCode, mqe.Message);
        Console.WriteLine(mqe.StackTrace);
    }
}
```
```
Connecting to queue manager..
MQException caught: 2538 - MQRC_HOST_NOT_AVAILABLE
   at IBM.WMQ.MQQueueManager.Connect(String queueManagerName)
   at IBM.WMQ.MQQueueManager..ctor(String queueManagerName, Hashtable properties)
Error Code: CWSMQ0006
```
I found the solution to my own question. There are a few things that caused this error.
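```csharp
using System.Security.Cryptography.X509Certificates;

// Load the CA certificate and add it to the current user's certificate store
X509Certificate2 certificateca1 = new X509Certificate2("MyCaCert.crt");
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certificateca1);
store.Close();
```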
This will install the certificate in the certificate store. Next set the XMSC property as usual. The following will work.
```csharp
cf.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, "*USER");
```

This blog also has the solution regarding the certificate: https://wiliammbr.com/drop-messages-in-ibm-mq-using-net-core/ and also here: https://www.imwuc.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=fbad35e1-86ae-4a0b-3ebb-e990f6fd156e

Then I received a 2059 error, QManager not available. This was due to the cipherspec I was using. I had to change the cipherspec to AES_128, and also set the MQ server channel to accept AES128, because the official IBM .NET library did not support AES256 on Linux. More in the other Stack Overflow question: "Error MQException caught: 2059 - MQRC_Q_MGR_NOT_AVAILABLE .Net Core Linux Docker Container IBM MQ, caused by cipherspec mismatch".
```csharp
private String cipherSpec = "TLS_RSA_WITH_AES_256_CBC_SHA256";
```
Making these changes solved it for me. Please let me know if you are stuck with something similar.
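A startup check for the certificate step described in the answer, as an added example that is not the poster's or IBM's code: it installs the CA into `CurrentUser\My` only when missing and prints which stores can see it, so a container where `update-ca-certificates` fed only the system bundle (which .NET on Linux exposes as `LocalMachine\Root`) is easy to spot. The class and method names are hypothetical, and the default file name is taken from the Dockerfile in the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CaStoreCheck
{
    // Adds the CA to CurrentUser\My (the store used in the answer) only if it is
    // not already there. Returns true when a new entry was written.
    public static bool EnsureInUserStore(X509Certificate2 ca)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadWrite);
            if (store.Certificates.Find(X509FindType.FindByThumbprint, ca.Thumbprint, false).Count > 0)
                return false;
            store.Add(ca);
            return true;
        }
    }

    // Reports whether a store holds the certificate; a store that cannot be
    // opened on this platform counts as "not present".
    public static bool IsInStore(X509Certificate2 ca, StoreName name, StoreLocation location)
    {
        try
        {
            using (var store = new X509Store(name, location))
            {
                store.Open(OpenFlags.ReadOnly);
                return store.Certificates.Find(X509FindType.FindByThumbprint, ca.Thumbprint, false).Count > 0;
            }
        }
        catch (CryptographicException) { return false; }
    }

    static void Main(string[] args)
    {
        // Assumption: the CA file copied by the Dockerfile is readable at this path.
        var ca = new X509Certificate2(args.Length > 0 ? args[0] : "myCAcert.crt");
        Console.WriteLine($"CA {ca.Subject} thumbprint {ca.Thumbprint} expires {ca.NotAfter:u}");
        Console.WriteLine($"LocalMachine\\Root (system bundle): {IsInStore(ca, StoreName.Root, StoreLocation.LocalMachine)}");
        Console.WriteLine($"CurrentUser\\My before install:    {IsInStore(ca, StoreName.My, StoreLocation.CurrentUser)}");
        Console.WriteLine($"Added to CurrentUser\\My:           {EnsureInUserStore(ca)}");
        Console.WriteLine($"CurrentUser\\My after install:     {IsInStore(ca, StoreName.My, StoreLocation.CurrentUser)}");
    }
}
```

Run it as the same user the application runs as inside the container, since the `CurrentUser` store is per user.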