  • 1.  MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code

    Posted Thu April 11, 2024 08:58 PM

    I am getting the exception MQRC_SSL_INITIALIZATION_ERROR while connecting to MQ in .NET Standard 6.0 with C#.

    I don't know the correct syntax/parameter to initiate the connection using certificate authentication in C#.

    Package used - IBMXMSDotnetClient (v9.3.5)

    using IBM.XMS;

    namespace DataBroker.Infrastructure.Services
    {
        internal class MQClientService
        {        
            public MQClientService() { }

            public void ConnectionCheck()
            {
                XMSFactoryFactory factoryFactory;
                IConnectionFactory cf;
                IConnection connectionWMQ;
                factoryFactory = XMSFactoryFactory.GetInstance(XMSC.CT_WMQ);
                cf = factoryFactory.CreateConnectionFactory();

                cf.SetIntProperty(XMSC.WMQ_CONNECTION_MODE, XMSC.WMQ_CM_CLIENT); 
                cf.SetStringProperty(XMSC.WMQ_HOST_NAME, "my.org.net");
                cf.SetStringProperty(XMSC.WMQ_PORT, "62318");

                cf.SetStringProperty(XMSC.WMQ_QUEUE_MANAGER, "MY_QMGR");
                cf.SetStringProperty(XMSC.WMQ_CHANNEL, "MY.CHANNEL.NAME");
                
                /* Certificate details
                 * CN: MY_CERT_COMMON_NAME
                 * Issued To: MY_CERT_COMMON_NAME
                 * Friendly Name: MY_CERT_COMMON_NAME
                 * */

                cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME");
                cf.SetStringProperty(XMSC.PASSWORD, "Cert_Password");
                // Certificate is stored in the Windows user store - Current User > Personal > Certs
                cf.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, "*USER");
                cf.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SPEC, "TLS_RSA_WITH_AES_256_CBC_SHA256");
                
                connectionWMQ = cf.CreateConnection();
                Console.WriteLine("Connection created");
            }

        }
    }

    I can't install the MQ client at my workplace, so I don't have access to the sample code.



    ------------------------------
    Satheesh N
    ------------------------------


  • 2.  RE: MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code

    IBM Champion
    Posted Fri April 12, 2024 03:56 AM

    Hi Satheesh,

    This is where things go wrong:

    cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME");

    What you need here is not your cert's information (client), but the qmgr's cert's information...

    Hope it helps



    ------------------------------
    Francois Brandelik
    ------------------------------



  • 3.  RE: MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code

    Posted Tue April 16, 2024 04:36 PM
    Edited by Satheesh N Tue April 16, 2024 05:16 PM

    Hi Francois,

    We have "MY_CERT_COMMON_NAME" set up as the SSL peer in the queue manager/channel.
    And I have the cert available in my user's cert manager, which matches the SSL peer name in the server: "CN=MY_CERT_COMMON_NAME".
    We are able to connect to the same queue manager and queues using Java. The Java code reads the specific cert file from the resources folder. But in .NET we point to the user's cert, where we have more than one cert. I thought cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME") points the .NET code to pick the correct cert file and send it to the server for SSL peer validation.

    --------------------
    Java Code that works
    --------------------
    private static void checkMqConnectivity() throws Exception {
        String keyStoreFilename = "myCert.pfx";
        String keystorePwd = "MyKeystorePassword";
        MQQueueManager mqManager = null;
        SSLContext sslContext = SSLContextBuilder.create()
                // This method loads the cert file from the resources folder.
                .loadKeyMaterial(KeyStoreFileService.getKeyStoreFile(),
                        keystorePwd.toCharArray(), keystorePwd.toCharArray())
                .build();
        System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
        MQEnvironment.channel = "MY.CHANNEL.NAME";
        MQEnvironment.hostname = "my.org.net";
        MQEnvironment.port = 62318; // port is an int field
        MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_256_CBC_SHA256";
        MQEnvironment.sslSocketFactory = sslContext.getSocketFactory();
        mqManager = new MQQueueManager("MY_QMGR");
    }

    ------------------------------
    Satheesh N
    ------------------------------



  • 4.  RE: MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code

    IBM Champion
    Posted Tue April 16, 2024 08:18 PM

    Hi Satheesh,

    The code:

    cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME") 

    tells MQ to check the certificate from the partner (so the queue manager in this situation) matches the provided Distinguished Name.

    It sounds like you need to set the certificate label field to contain the friendly name of your certificate in the *USER keystore.

    Read https://www.ibm.com/docs/en/ibm-mq/9.3?topic=client-using-certificates-managed-net for more details on doing this.

    Cheers,
    Morag



    ------------------------------
    Morag Hughson
    MQ Technical Education Specialist
    MQGem Software Limited
    Website: https://www.mqgem.com
    ------------------------------
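
A way to check what the `*USER` key repository actually holds before setting a certificate label, following the replies above. This is an added example, not code from any poster or from IBM; it uses only the .NET `X509Store` API, the label value is the thread's placeholder, and exact friendly-name matching is an assumption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Lists the certificates in Current User > Personal (the store "*USER"
// refers to) and checks the one whose friendly name equals the label.
internal static class UserStoreCheck
{
    // Placeholder from the thread; replace with your certificate's friendly name.
    private const string Label = "MY_CERT_COMMON_NAME";

    public static int Main()
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        // Show every candidate so duplicates and unlabeled certs are visible.
        foreach (X509Certificate2 c in store.Certificates)
        {
            Console.WriteLine($"friendly='{c.FriendlyName}' key={c.HasPrivateKey} " +
                              $"notAfter={c.NotAfter:yyyy-MM-dd} subject={c.Subject}");
        }

        // Assumption: the label is compared to the friendly name exactly.
        var matches = store.Certificates.Cast<X509Certificate2>()
            .Where(c => string.Equals(c.FriendlyName, Label, StringComparison.Ordinal))
            .ToList();

        if (matches.Count != 1)
        {
            Console.Error.WriteLine($"Expected one certificate with friendly name '{Label}', found {matches.Count}.");
            return 1;
        }

        X509Certificate2 cert = matches[0];
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        bool inValidity = now >= cert.NotBefore && now <= cert.NotAfter;

        // A client certificate without its private key cannot authenticate.
        if (!cert.HasPrivateKey || !inValidity)
        {
            Console.Error.WriteLine($"Unusable: hasPrivateKey={cert.HasPrivateKey}, inValidity={inValidity}.");
            return 2;
        }

        Console.WriteLine($"OK: '{Label}' -> {cert.Subject}, thumbprint {cert.Thumbprint}");
        return 0;
    }
}
```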