  • 1.  'Uninitialized keystore' error with MQWeb standalone

    Posted 17 days ago

    Hello,
    I am setting up an MQWeb standalone 9.4.1 server to access remote Queue Managers (different versions).
    On a non-SSL configuration, no problem.
    On an SSL configuration, in console.log, I get the message:
    [ERROR ] MQWB2026E: The connection request to the remote queue manager 'rqmgr-DC850-1731595928663' failed with the error message: 'Uninitialized keystore'.
    There are no errors on the Queue Manager side.
    I think my keystore (.p12) is OK, because it works with MQ Explorer to the same Queue Manager and the same SVRCONN channel.
    The IBM documentation is not very clear on this configuration, I think I must be missing a parameter or a step.
    I also tried with a JKS keystore, same problem.

    MQWeb standalone doesn't provide the commands to create keystores (it's annoying). My keystores were created on a Windows workstation with MQ 9.4.0.5. Could this have an impact?
    Thanks in advance for your ideas.



    ------------------------------
    Luc-Michel Demey
    DEMEY CONSULTING
    lmd@demey-consulting.fr
    #IBMChampion
    ------------------------------


  • 2.  RE: 'Uninitialized keystore' error with MQWeb standalone

    Posted 16 days ago

    Hi Luc-Michel,

    Have you set the keystore that the mqweb server should use for remote queue manager connections with either setmqweb remote -globalKeyStorePath xxxxx, which applies to all connections, or setmqweb remote -uniqueName xxxx -keyStorePath xxxxx, which applies to an individual connection?

    The runmqktool command should be available with the stand-alone mqweb server from MQ 9.4 onwards, so you can create and manage keystores on the same system as the mqweb server (using keytool command syntax).

    Hope this helps.

    Gwydion



    ------------------------------
    Gwydion Tudur
    ------------------------------



  • 3.  RE: 'Uninitialized keystore' error with MQWeb standalone

    Posted 16 days ago

    Hi Gwydion,

    This morning, to try and isolate the problem a little further, I ran a test from a Windows 11 workstation, using MQ 9.4.0.5, the workstation where the keystore was created.
    The tests were carried out with p12 and jks versions of the keystores.
    I got exactly the same error message.
    So it's not a problem linked to MQWeb standalone, but to the connection to a remote QM using TLS.
    Nor is it a problem related to the version of the keystore.
    I continued testing and discovered that the error message remained the same with a typo in the keystore name. Interesting ...
    The setmqweb remote command used contains the keystore password in encrypted format (as in the mqwebuser.xml file). And I noticed that this password is re-encrypted in the remoteqmgrs.json file.
    By supplying the password in clear text in the setmqweb command, the problem is solved.
    That was my mistake!
    But too bad that the MQWB2026E message isn't clearer, for example indicating that the keystore wasn't found or that the password is incorrect.

    I had imagined (wrongly!) that for security reasons passwords had to be encrypted on the command line. Perhaps in a future version?

    Regarding your question, I used 
    setmqweb remote -uniqueName xxxx -keyStorePath xxxxx.
    The documentation on the globalKeyStorePath / keyStorePath choice is really minimalist.

    Thanks!



    ------------------------------
    Luc-Michel Demey
    DEMEY CONSULTING
    lmd@demey-consulting.fr
    #IBMChampion
    ------------------------------



  • 4.  RE: 'Uninitialized keystore' error with MQWeb standalone

    Posted 16 days ago

    Hi Luc-Michel,

    Glad to hear that you got it working.

    I agree that the error message isn't clear. I believe that the Console displays the error message that the Java client produces when it tries to connect to the remote queue manager, so what we can do to improve the message might be limited.

    You can use the -i parameter to more securely enter the password on the setmqweb remote command. For example setmqweb remote -globalKeyStorePassword -i. It then prompts for the password to be entered when you run the command.

    Regards

    Gwydion



    ------------------------------
    Gwydion Tudur
    ------------------------------
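
Post 3 found that MQWB2026E reports 'Uninitialized keystore' both for a mistyped keystore name and for a password that does not open the keystore. The shell function below is an added example, not part of the thread and not IBM code, that tells those cases apart for a .p12 file before it is given to setmqweb remote. It assumes the openssl command is installed; check_keystore and the KS_PASS environment variable are names invented for this example.

```shell
#!/bin/sh
# Pre-flight check for a PKCS#12 keystore (added example, hypothetical names).
# The password is read from the environment variable KS_PASS so that it never
# appears in the argument list. Run it as the account that runs the mqweb server.
# JKS files are not covered: openssl does not read them.
#
# Return codes: 0 opens, 2 not found, 3 not readable,
#               4 did not open with this password, 5 check could not be run.

check_keystore() {
    ks_path=$1

    # A typo in the file name or directory ends here.
    if [ ! -f "$ks_path" ]; then
        echo "keystore not found: $ks_path" >&2
        return 2
    fi

    # The file exists but this account has no read permission on it.
    if [ ! -r "$ks_path" ]; then
        echo "keystore not readable by $(id -un): $ks_path" >&2
        return 3
    fi

    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not installed, password not tested" >&2
        return 5
    fi
    if [ -z "${KS_PASS+set}" ]; then
        echo "KS_PASS is not set, password not tested" >&2
        return 5
    fi

    # -noout parses the file and verifies its MAC without writing any key
    # material; -passin env: takes the password from the environment.
    # A failure means a wrong password, or a file OpenSSL cannot parse.
    if ! openssl pkcs12 -in "$ks_path" -noout -passin env:KS_PASS \
            >/dev/null 2>&1; then
        echo "keystore did not open with the supplied password: $ks_path" >&2
        return 4
    fi

    echo "keystore opens with the supplied password: $ks_path"
    return 0
}
```

Return code 4 with a password that MQ Explorer accepts points at the form in which the password was supplied, which was the cause identified in post 3.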