5

Received signed certificate, installed in windows user cert. store with the public key from MQ, but getting MQRC_Q_MGR_NOT_AVAILABLE error?

 <add key="sslCertStore" value="*USER"/> 
 <add key="SslCipherSpec" value="TLS_RSA_WITH_AES_128_CBC_SHA256"/>

What's missing?

EDIT One more question - where certificates should be placed to be available using

<add key="sslCertStore" value="*SYSTEM"/>
Yuri
  • 2,820
  • 4
  • 28
  • 40
  • Did you saw this post: http://stackoverflow.com/a/15078901/213550 ? – VMAtm Dec 22 '15 at 17:53
  • Thank you, yes - looked at it. not my case – Yuri Dec 22 '15 at 18:45
  • Are you using MQ V8? Import the obtained client side SSL Certificate to the the Windows Certificate Store. (Under COMPUTER/USER account). This blog may be useful to you: https://www.ibm.com/developerworks/community/blogs/messaging/entry/mq_v8_dot_net_samples_can_create_ssl_connection_in_managed_mode?lang=en – ValerieLampkin Dec 22 '15 at 20:05
  • Have you been able to validate that the QM is started and running correctly? As you are not getting a security exception? – Calanais Dec 23 '15 at 10:06
  • This exception has nothing to do with SSL. Check the address you are trying to reach the QM on, and that the QM is running and listening for connections. – Attila Repasi Dec 23 '15 at 21:23
  • 1
    it works when security is optional, so it is SSL – Yuri Dec 24 '15 at 12:21
  • @Atilla - when SSL is optional on the server it all magically works – Yuri Jan 05 '16 at 17:54

1 Answers1

3

Looking at the comments and question i see you mention

Received signed certificate, installed in windows user cert store with the public key from MQ

and

when SSL is optional on the server it all magically works

From this i believe you are trying to connect a client into your Queue Manager where the client application has it's own certificate. Because you have not specified a certificate for the client to use i don't believe the client is connecting with the (signed) certificate you added to the windows certificate store. This is why it works when the SSL is set to optional but does not work when the SSL is set to required. (Assuming you are talking about the SSLCAUTH attribute on the channel)

From this knowledge center page i believe you need to add the following:

<add key="CertificateLabel" value="certificatelabel"/>

replacing certificatelabel with the label of the certificate you want the client to use.

Rob Parker
  • 765
  • 5
  • 19