MQ

 View Only

 Connecting to several IBMMQ queues in one .Net application - problem with certificates

Dominika's profile image
Dominika posted Thu February 13, 2025 05:49 AM

I'm trying to connect to 2 IBMMQ queues in one .Net (managed) application.

I have a problem because when I try to connect, one certificate is always selected even though I set WMQ_SSL_CLIENT_CERT_LABEL for each connection.

The certificates are loaded in the USER store.

 Here is my configuration:

             IConnectionFactory cf = factory.CreateConnectionFactory();

              cf.SetStringProperty(XMSC.WMQ_HOST_NAME, Host);
              cf.SetIntProperty(XMSC.WMQ_PORT, Post);
              cf.SetStringProperty(XMSC.WMQ_CHANNEL, Channel);
              cf.SetIntProperty(XMSC.WMQ_CONNECTION_MODE, ConnectionMode);
              cf.SetStringProperty(XMSC.WMQ_QUEUE_MANAGER, QueueManager);
              cf.SetStringProperty(XMSC.WMQ_CCSID, CcsId);
              cf.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, PeerName);
              cf.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SPEC, CipherSpec);
              cf.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SUITE, CipherSuite);
              cf.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, SslKeyRepository);
              cf.SetStringProperty(XMSC.WMQ_SSL_CLIENT_CERT_LABEL, ClientCertLabel);

Do you have an idea what I'm doing wrong or what needs to be set additionally?

om prakash's profile image
om prakash IBM Champion posted Fri February 14, 2025 08:01 AM

If you disconnect the first queue manager and then establish connection to the 2nd queue manager; it should work. Also; try to remove the setProperty to ensure it is removed and added when the new connection is established.

Dominika's profile image
Dominika posted Fri February 14, 2025 08:29 AM

@Om Parkash I would like to establish two connections to IBMMQ in parallel. That's why I can't disconnect. My connections are in the hosted service and other parameters are correct, but the certificate is selected incorrectly.

om prakash's profile image
om prakash IBM Champion posted Fri February 14, 2025 11:07 AM

I know you would have tried; What about different paths; your keystore and truststore location change. This way 2 connection factory for the endpoints. I haven't tried the same setup; but give a shot to see what happens.

Francois Brandelik's profile image
Francois Brandelik IBM Champion posted Fri February 14, 2025 01:43 PM

You absolutely need 2 distinct IConnectionFactory objects, each initialized for and representing the connection to a specific queue manager.

Hope this helps.

Dominika's profile image
Dominika posted Mon February 17, 2025 04:39 AM

@Francois Brandelik I am creating 2 distict factory. Other parameters change, only the certificate is always selected the same.

Dominika's profile image
Dominika posted Mon February 17, 2025 04:41 AM

@Om Prakash I'm trying to do it on osh and in the logs I see the entry: 

Created an instance of SSLStreams
09:50:41.757215  1.0001  IBM.WMQ.Nmqi.MQEncryptedSocket            ----+-  d  Setting current certificate store as 'Computer'
09:50:41.757241  1.0001  IBM.WMQ.Nmqi.MQEncryptedSocket            ----+-  d  Linux so use My & CurrentUser

09:50:41.757267  1.0001  IBM.WMQ.Nmqi.MQEncryptedSocket            ----+-  d  Created store object to access certificates
09:50:41.757347  1.0001  IBM.WMQ.Nmqi.MQEncryptedSocket            ----+-  d  Opened store

This is a log from the IBM MQ library