I try connect .net 8 app's to server and I have problem with ssl/tls. I use IBMMQDotnetClient version 9.3.3.1. I installed x509Certificate and put correct config. This config, server and app (but .net 6) working on windows server but not linux. What it is wrong? What I have to put in MQC.CERT_LABEL_PROPERTY on linux? On linux x509Certificate not supproted FriendllyName
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
var certificate = new X509Certificate2(certificatePath, certificatePassword);
store.Add(certificate);
store.Close();
}
MQQueueManager queueManager;
Hashtable properties;
MQMessage message;
properties = new Hashtable();
properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
properties.Add(MQC.HOST_NAME_PROPERTY, _ibmMqClientSettings.HostName);
properties.Add(MQC.PORT_PROPERTY, _ibmMqClientSettings.Port);
properties.Add(MQC.CHANNEL_PROPERTY, _ibmMqClientSettings.ChannelName);
properties.Add(MQC.CCSID_PROPERTY, _ibmMqClientSettings.Ccsid);
properties.Add(MQC.SSL_CERT_STORE_PROPERTY, _ibmMqClientSettings.SslKeyRepositoryPath);
if (!string.IsNullOrEmpty(_ibmMqClientSettings.ChannelSslciph))
properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, _ibmMqClientSettings.ChannelSslciph);
if (!string.IsNullOrEmpty(_ibmMqClientSettings.ClipherSuit))
properties.Add(MQC.SSL_CIPHER_SUITE_PROPERTY, _ibmMqClientSettings.ClipherSuit);
if (!string.IsNullOrEmpty(_ibmMqClientSettings.SslPeerName))
properties.Add(MQC.SSL_PEER_NAME_PROPERTY, _ibmMqClientSettings.SslPeerName);
queueManager = new MQQueueManager(_ibmMqClientSettings.QueueManagerName, properties);
MQQueue queue = queueManager.AccessQueue(_ibmMqClientSettings.InputQueueName, MQC.MQOO_OUTPUT + MQC.MQOO_FAIL_IF_QUIESCING);
MQMessage mqMessage = new MQMessage();
mqMessage.WriteString("Test");
MQPutMessageOptions pmo = new MQPutMessageOptions();
queue.Put(mqMessage, pmo);
queue.Close();
queueManager.Disconnect();
0000015E 00:30:53.734180 1.9 Connect
0000015F 00:30:53.765020 1.9 Connect returned True
00000160 00:30:53.765564 1.9 TCP/IP LINGER disabled
00000161 00:30:53.765627 1.9 Using socket send buffer size 32768
00000162 00:30:53.765644 1.9 Using socket receive buffer size 32768
00000163 00:30:53.765657 1.9 -----------} MQTCPConnection.ConnectUsingLocalAddr(ParsedLocalAddr,IPAddress,int) rc=OK
00000164 00:30:53.765685 1.9 IP:<<<hide>>>
00000165 00:30:53.766124 1.9 Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#00A9385C MQMBID sn=p934-L230927 su=_4-aYmF0ZEe6zC4r8n5F4rg pn=basedotnet/nmqi/NmqiObject.cs
00000166 00:30:53.766185 1.9 Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#00A9385C MQMBID sn=p934-L230927 su=_4-aYmF0ZEe6zC4r8n5F4rg pn=basedotnet/nmqi/MQEncryptedSocket.cs
00000167 00:30:53.766750 1.9 -----------{ MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions)
00000168 00:30:53.766889 1.9 KeyStore is *USER
00000169 00:30:53.767113 1.9 KeyResetCount is 0
0000016A 00:30:53.767176 1.9 CertificationCheck = False
0000016B 00:30:53.767204 1.9 Hostname is :<<<hide>>>
0000016C 00:30:53.767216 1.9 CipherSpec value is ECDHE_RSA_AES_256_GCM_SHA384
0000016D 00:30:53.767253 1.9 SSLPEERNAME value is <<<hide>>>
0000016E 00:30:53.767271 1.9 -----------} MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions) rc=OK
0000016F 00:30:53.769194 1.9 -----------{ MQEncryptedSocket.MakeSecuredConnection()
00000170 00:30:53.769324 1.9 Created an instance of SSLStreams
00000171 00:30:53.769351 1.9 Setting current certificate store as 'User'
00000172 00:30:53.769359 1.9 Linux so use My & CurrentUser
00000173 00:30:53.769371 1.9 Created store object to access certificates
00000174 00:30:53.769406 1.9 Opened store
00000175 00:30:53.769422 1.9 Accessing certificate - <<<hide>>>
00000176 00:30:53.864908 1.9 Number of certificates in the store:3
00000177 00:30:53.865651 1.9 TLS12 supported - True
00000178 00:30:53.865713 1.9 TLS13 supported - True
00000179 00:30:53.866134 1.9 Cipherspec protocol version:TLS 1.2
0000017A 00:30:53.866678 1.9 Setting SslProtol as Tls12
0000017B 00:30:53.866721 1.9 Starting SSL Authentication
0000017C 00:30:53.867898 1.9 Server name is set to <<<hide>>>
0000017D 00:30:53.868653 1.9 ------------{ MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[])
0000017E 00:30:53.868729 1.9 Client callback has been invoked to find client certificate
0000017F 00:30:53.868776 1.9 ------------} MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) rc=OK
00000180 00:30:53.910145 1.9 System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
---> Interop+Crypto+OpenSslCryptographicException: error:0A000410:SSL routines::sslv3 alert handshake failure
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
at IBM.WMQ.Nmqi.MQEncryptedSocket.MakeSecuredConnection()
00000181 00:30:53.910517 1.9 New MQException CompCode: 2 Reason: 2393
00000182 00:30:53.910653 1.9 -----------} MQEncryptedSocket.MakeSecuredConnection() rc=OK
00000183 00:30:53.910815 1.9 CompCode: 2, Reason: 2393
00000184 00:30:53.910877 1.9 ----------} MQTCPConnection.ConnectSocket(string,string,MQLONG) rc=OK
00000185 00:30:53.910917 1.9 CompCode: 2, Reason: 2393
00000186 00:30:53.911203 1.9 New MQException CompCode: 2 Reason: 2393
00000187 00:30:53.911255 1.9 New NmqiException CompCode: 2 Reason: 2393
00000188 00:30:53.911439 1.9 ----------{ MQFAPConnection.CleanUp(Boolean,NmqiException) inputs [False] [CompCode: 2, Reason: 2393]
00000189 00:30:53.911480 1.9 ----------} MQFAPConnection.CleanUp(Boolean,NmqiException) rc=OK
0000018A 00:30:53.911542 1.9 ---------} MQFAPConnection.Connect(MQConnectionSecurityParameters) rc=OK
0000018B 00:30:53.911590 1.9 CompCode: 2, Reason: 2393
0000018C 00:30:53.911735 1.9 --------} MQConnectionSpecification.CreateAndConnectConnection(MQConnectionSecurityParameters,MQFAP,String,MQConnectOptions,int) rc=OK
0000018D 00:30:53.911795 1.9 -------} MQConnectionSpecification.GetSessionFromNewConnection(MQConnectionSecurityParameters,MQFAP,String,MQConnectOptions,int) rc=OK
0000018E 00:30:53.911815 1.9 Exit AssingSession from new connection:
0000018F 00:30:53.911823 1.9 ------} MQConnectionSpecification.GetSession(MQConnectionSecurityParameters,MQFAP,String,MQConnectOptions,int) rc=OK
00000190 00:30:53.911839 1.9 -----} MQFAPConnectionPool.GetSession(MQConnectOptions,MQConnectionSecurityParameters,MQChannelDefinition,String,int,String,String,int,int) rc=OK
00000191 00:30:53.911861 1.9 ----} MQFAP.NmqiConnect(String,NmqiConnectOptions,MQConnectOptions,Hconn,Phconn,out int,out int,ManagedHconn) rc=OK
00000192 00:30:53.911886 1.9 CompCode: 2, Reason: 2393
00000193 00:30:53.911908 1.9 ---} MQFAP.MQCONNX(String,MQConnectOptions,Phconn,out int,out int) rc=OK
00000194 00:30:53.912088 1.9 IBM.WMQ.MQQueueManager#0166E899 throwing MQException: cc=2 rc=2393
00000195 00:30:53.912137 1.9 New MQException CompCode: 2 Reason: 2393
00000196 00:30:53.912269 1.9 --}! MQQueueManager.Connect() rc=(Unknown(2393))
------------------------------
Kammm
------------------------------