Original Message:
Sent: Tue April 16, 2024 04:35 PM
From: Satheesh N
Subject: MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code
Hi Francois,
We have "MY_CERT_COMMON_NAME" setup as the ssl peer in the queue manager/channel.
And I have the cert available in my user's cert manager, which match to the ssl peer name in the server. "CN=MY_CERT_COMMON_NAME"
We are able to connect to the same queue manager & queues using Java. The java code reads the specific cert file from the resources folder. But in .NET we point to the user's cert, where we have more than one cert. I thought cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME") point the .NET code to pick the correct cert file and send to server for ssl peer validation.
--------------------
Java Code that works
--------------------
private static void checkMqConnectivity() {
String keyStoreFilename = "myCert.pfx";
String keystorePwd="MyKeystorePassword";
MQQueueManager mqManager = null;
SSLContext sslContext = SSLContextBuilder.create()
.loadKeyMaterial(KeyStoreFileService.getKeyStoreFile(), //This method load the cert file in resources folder.
keystorePwd.toCharArray(), keystorePwd.toCharArray())
.build();
System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
MQEnvironment.channel = "MY.CHANNEL.NAME";
MQEnvironment.hostname = "my.org.net";
MQEnvironment.port = "62318";
MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_256_CBC_SHA256";
MQEnvironment.sslSocketFactory = sslContext.getSocketFactory();
mqManager = new MQQueueManager("MY_QMGR");
}
------------------------------
Satheesh N
Original Message:
Sent: Fri April 12, 2024 03:55 AM
From: Francois Brandelik
Subject: MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code
Hi Satesh,
This is where things go wrong:
cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME");
What you need here is not your cert's information (client), but the qmgr's cert's information....
Hope it helps
------------------------------
Francois Brandelik
Original Message:
Sent: Thu April 11, 2024 06:18 PM
From: Satheesh N
Subject: MQ Connectivity Issue (Exception - MQRC_SSL_INITIALIZATION_ERROR) in .Net code
I am getting the exception MQRC_SSL_INITIALIZATION_ERROR while connecting to MQ in .net standard 6.0 with c#
I dont know the correct syntax/parameter to initiate the connection using certificate authentication in c#.
Package used - IBMXMSDotnetClient (v9.3.5)
using IBM.XMS;
namespace DataBroker.Infrastructure.Services
{
internal class MQClientService
{
public MQClientService() { }
public void ConnectionCheck()
{
XMSFactoryFactory factoryFactory;
IConnectionFactory cf;
IConnection connectionWMQ;
factoryFactory = XMSFactoryFactory.GetInstance(XMSC.CT_WMQ);
cf = factoryFactory.CreateConnectionFactory();
cf.SetIntProperty(XMSC.WMQ_CONNECTION_MODE, XMSC.WMQ_CM_CLIENT);
cf.SetStringProperty(XMSC.WMQ_HOST_NAME, "my.org.net");
cf.SetStringProperty(XMSC.WMQ_PORT, "62318");
cf.SetStringProperty(XMSC.WMQ_QUEUE_MANAGER, "MY_QMGR");
cf.SetStringProperty(XMSC.WMQ_CHANNEL, "MY.CHANNEL.NAME");
/* Certificate details
* CN: MY_CERT_COMMON_NAME
* Issued To: MY_CERT_COMMON_NAME
* Friendly Name: MY_CERT_COMMON_NAME
* */
cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, "CN=MY_CERT_COMMON_NAME");
cf.SetStringProperty(XMSC.PASSWORD, "Cert_Password");
//Certificate is stored in user windows desktop - Current Use > Personal > Certs
cf.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, "*USER");
cf.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SPEC, "TLS_RSA_WITH_AES_256_CBC_SHA256");
connectionWMQ = cf.CreateConnection();
Console.WriteLine("Connection created");
}
}
I cant install MQ client in work place, so dont have access to sample code.
------------------------------
Satheesh N
------------------------------