I am using MQ client 9.1 and am able to successfully connect via SSL from my .NET application when I use the keystore.kdb file.
My question is, can I still connect from the .NET application if I don't use the keystore.kdb file and instead just import the SSL certificate on the Windows machine?
I tried but can't find any syntax or way to do it, so I'm just curious whether it is even possible.
EDIT
Here is relevant part of my code.
MQEnvironment.SSLKeyRepository = "*SYSTEM";
QProperties["CertificateLabel"] = "MyCert";
QProperties[MQC.SSL_CERT_STORE_PROPERTY] = "*SYSTEM";
If I use amqmdnet.dll and run the code, I get the error MQRC_KEY_REPOSITORY_ERROR.
If I use amqmdnetstd.dll and run the code, I get the error MQRC_HOST_NOT_AVAILABLE.
EDIT
After I enabled trace, I am getting the following error in the logs. TLS 1.2 is enabled on this machine. No idea what is causing the error below.
the client and server cannot communicate because they do not possess a common algorithm
EDIT
SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are disabled.
Only TLS 1.2 is enabled.
EDIT
I used the SslTcpClient example given below and it was throwing the exact same error as mentioned above. Then I modified just one line of code and now I am able to connect. The trick was to specify TLS protocol version 1.2. But how can I do the same in MQ?
Example
SslStream Class (System.Net.Security) | Microsoft Learn
Original code which is throwing error
sslStream.AuthenticateAsClient(serverName);
Modified code which worked
sslStream.AuthenticateAsClient(serverName, null, SslProtocols.Tls12, true);
------------------------------
Frank Martin
------------------------------