CODEWITHSUNDEEP
c#ibm-mq
Selwade
Selwade

Reputation: 43

Could not Connect to IBMMQ 7.5 using SSL

Below Code is just working fine with IBMMQ 8.0 DLL and server when I switch to 7.5 (both DLL and server) it is giving me this error using same certificate

The SSL key repository cannot be used because MQ cannot obtain a password to access it. Reasons giving rise to this error include: &B (a) the key database file and password stash file are not present in the location configured for the key repository, &B (b) the key database file exists in the correct place but that no password stash file has been created for it, &B (c) the files are present in the correct place but the userid under

public void test() {
    Environment.SetEnvironmentVariable("MQCCSID", "437");

    MQQueueManager mQQueueManager = null;
    MQQueue mQQueue = null;
    Hashtable hashTable = null;
    try {
        hashTable = new Hashtable();
        // Setup properties for connection
        hashTable.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
        hashTable.Add(MQC.HOST_NAME_PROPERTY, "IP");
        hashTable.Add(MQC.PORT_PROPERTY, 1414);
        hashTable.Add(MQC.CHANNEL_PROPERTY, "Channel");
        hashTable.Add(MQC.PASSWORD_PROPERTY, "123");
        hashTable.Add(MQC.USER_ID_PROPERTY, "user");

        mQQueueManager = new MQQueueManager("QueueName", hashTable);

        // Open queue for browsing
        mQQueue = mQQueueManager.AccessQueue("que", MQC.MQOO_BROWSE | MQC.MQOO_FAIL_IF_QUIESCING);

        ListOfMessages = new List < MQMessageDto > ();
        // In a loop browse all messages till we reach end of queue
        while (true) {
            try {
                // Need to create objects everytime
                var mQMessage = new MQMessage();

                var mQGetMessageOptions = new MQGetMessageOptions {
                    // Use browse next option to start browsing
                    Options = MQC.MQGMO_BROWSE_NEXT
                };
                mQQueue.Get(mQMessage, mQGetMessageOptions);
                ListOfMessages.Add(new MQMessageDto() {
                    Id = ListOfMessages.Count + 1,
                    Message = Encoding.UTF8.GetString(mQMessage.ReadBytes(mQMessage.MessageLength))
                });
            } catch (MQException mqex) {
                if (ListOfMessages.Count == 0) {
                    MessageBox.Show("There is no messages in MQ");
                }
                mQQueue.Close();
                break;
            }
        }
        mQQueueManager.Disconnect();

        grdMessages.DataSource = ListOfMessages;
        grdMessages.Columns["Id"].Width = (int)(grdMessages.Width * 0.1);
        grdMessages.Columns["Message"].Width = (int)(grdMessages.Width * 0.8);
    } catch (Exception ex) {
        MessageBox.Show(ex.Message);
    }
}

Upvotes: 1

Views: 385

Answers (3)

colin paice
colin paice

Reputation: 114

Regarding:

When I upgraded my client to V9 I'm getting "MQRC_Q_MGR_NOT_AVAILABLE" on client and "4/23/2020 21:03:22 - Process(11764.64) User() Program(amqrmppa.exe) Host(HOST) Installation(Installation1) VRMF(7.5.0.2) QMgr() Remote channel '' did not specify a CipherSpec. Remote channel '' did not specify a CipherSpec when the local channel expected one to be specified. &P The remote host is '...* (...)'. &P The channel did not start. Change the remote channel '' on host ()' to specify a CipherSpec so that both ends of the channel have matching CipherSpecs." in server

display the cipher spec being used dis chl(xxx) SSLCIPH You may have specified something which is no longer supported by the underlying TLS support.

dis chl(xxx)

Upvotes: 0

Sufyan Jabr
Sufyan Jabr

Reputation: 809

What are you describing means you have wrong configuration at IBM side, and Since you are using IBM MQ 7.5. I think you got the path for the SSL key repository wrong, it should point to the key name not the folder.

enter image description here

Also make sure that you have selected Optional from SSL tab inside your Channel.

For more details.. More details about this issue can be found here about error this error code: 2538 error on MQ for SSL channel connection

Upvotes: 1

ChrisL
ChrisL

Reputation: 129

You didn't mention which specific level of 7.5 you are using. If it is 7.5.0.7 or earlier, the stash file will likely be the problem:

https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.ibm.mq.mig.doc/q128820_.htm

Older versions of the cryptographic provider used by MQ (GSKit) use a different stash file format for the keystore password.

While newer GSKit versions can handle the old stash file format, the new format is not readable by older GSKit versions. If you are using a level which uses the new format, you can create a backwards-compatible stash file with the -v1stash option:

runmqakm -keydb -stashpw -db <filename> -pw <password> -v1stash

A better alternative, as MQ 7.5 is out of support, would be to use a newer client level, which can still communicate with a 7.5 queue manager if required.

For reference, the first GSKit level which uses the new stash file format is 8.0.50.69. Levels of GSKit bundled with MQ are listed here: https://www.ibm.com/support/pages/levels-jre-and-gskit-bundled-ibm-mq

Upvotes: 1

Related Questions