c#.netsslssl-certificateibm-mq
.Net and IBM MQ Managed connection SSL using pfx ca cert
Below piece of code always returns 2059 MQRC_Q_MGR_NOT_AVAILABLE. I have not setup any .ini file, will that have any impact?
Server side log states below error:
AMQ9637: During handshake, the remote partner sent no certificate.
EXPLANATION:
The conversation cannot begin because a certificate has not been supplied by
the remote partner.
My code:
var properties = new Hashtable();
properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
properties.Add(MQC.SSL_PEER_NAME_PROPERTY, "CN=BL9UZ8L");
MQEnvironment.Hostname = "xyz.com";
MQEnvironment.Port = 6000;
MQEnvironment.Channel = "2BMQ.NET.SPL";
MQEnvironment.SSLKeyRepository = "*SYSTEM";
MQEnvironment.SSLCertRevocationCheck = false;
MQEnvironment.SSLCipherSpec = "TLS_RSA_WITH_AES_128_CBC_SHA256";//"TLS_RSA_WITH_AES_256_CBC_SHA256";
MQEnvironment.CertificateLabel = "2BMQ_PROD";
Environment.SetEnvironmentVariable("MQDOTNET_TRACE_ON", "2");
queueManager = new MQQueueManager("BL9UZ8L", properties);
Solution
I had the same problem as above (and a couple of other problems). Here are my findings, hope they are helpful:
- I could not get the "CertificateLabel" property to work. Ended up setting the certificate friendly name to the default (right click certificate in certmgr and click properties), which is "ibmwebspheremq[userAccountName]" where [userAccountName] is replaced with the name of the user account running the program.
- For it to work I had to change the "SSL Configuration Settings" in Local Group Policy Editor, so the "SSL Cipher Suite Order" contained the value of the "SSLCipherSpec" property (link to source about it).
- [EDIT: This part about tracing doesn't work in all situations. I suspect it only works when WebSphere MQ is installed locally] In order to be able to see some WebSphere MQ logs, I enabled trace for it by using the environment variable "MQTRACEPATH" and set the value to a path, where I wanted the trace files to end.
Note that all my problems was due to my client not providing the server with a client certificate.
- Understanding the difference in timing of two functions that increment each element of an integer array
- Why MSVC generates warning C4127 when constant is used in "while" - C
- Executing a user-space function from the kernel space
- Why must the variable used to hold getchar's return value be declared as int?
- mpirun -np 4 ./a.out doesn't use all my cores (ubuntu 24.04LTS)
- Shadowing an iterator inside a for loop has undefined (?) behaviour in C
- Sleep for N seconds and wait for keypress
- Dereference twice in gdb
- Is this declaration UB?
- return type defaults to 'int' [-Wimplicit-int]
- What is the scope of `fesetround()`?
- Which specific optimization flag causes libm functions to be treated as pure?
- How to render text in SDL2?
- Why would you use 'extern "C++"'?
- Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
- Fast inverse square root using fixed point instead of floating point
- What is the const qualifier attached to in C: the memory area or the pointer?
- GCC options for strictest C code?
- How to do an explicit fall-through in C
- How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
- C: cmocka headers - how to unittest?
- Why in C when I print a double with a one decimal it round it to the next number
- Android C to Java SWIG unable to compile: incompatible types: byte cannot be converted to SWIGTYPE_p_uint8_t
- GNU Make in Ubuntu giving fatal error: rpc/types.h: No such file or directory
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How change every struct in an array of pointers?
- Optimized 2x2 matrix multiplication: Slow assembly versus fast SIMD
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?