Andrew Hunt
2013-08-30 16:07:32 UTC
Hi Listers.
I am working on an upgrade from MQ6023 (Solaris) to MQ75. (Red Hat)
As part of the upgrade I am using the new machine to test the connections
which has SSL applied. However I am getting an unexplained AMQ9633 error
pasted below.
This is a Versign CA cert and and intermediate. I have checked that the
Authentication key serial number matches the serial in the root cert. I have;
- remove the certs and readded (in two orders)
- removed all extra certs and added only verisign
- rebuilt keystore from scratch
We are using OCSPAuthentication=OPTIONAL in the qm.ini. It doesn't seem to
be an LDAP problem as far as I can tell
We have used self signed (within the bank) for 6 years and conencting to
external company using Verisign.
There are othe connections which use the same chain that are working.
Has anyone got any hints or ideas? I'm stumped....
-------------
Error message
-------------
AMQ9633: Bad SSL certificate for channel '<channelname>'.
EXPLANATION:
A certificate encountered during SSL handshaking is regarded as bad for one of
the following reasons:
(a) it was formatted incorrectly and could not be validated
(b) it was formatted correctly but failed validation against the Certification
Authority (CA) root and other certificates held on the local system
(c) it was found in a Certification Revocation List (CRL) on an LDAP server
(d) a CRL was specified but the CRL could not be found on the LDAP server
(e) an OCSP responder has indicated that it is revoked
The channel is '<channelname>'; in some cases its name cannot be
determined and so is shown as '????'. The remote host is
'destinationhostname (destI)(1453)'. The channel did not start.
The details of the certificate which could not be validated are '????'.
The certificate validation error was 575010.
----------------------
Thanks in advance,
Andrew Hunt
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
I am working on an upgrade from MQ6023 (Solaris) to MQ75. (Red Hat)
As part of the upgrade I am using the new machine to test the connections
which has SSL applied. However I am getting an unexplained AMQ9633 error
pasted below.
This is a Versign CA cert and and intermediate. I have checked that the
Authentication key serial number matches the serial in the root cert. I have;
- remove the certs and readded (in two orders)
- removed all extra certs and added only verisign
- rebuilt keystore from scratch
We are using OCSPAuthentication=OPTIONAL in the qm.ini. It doesn't seem to
be an LDAP problem as far as I can tell
We have used self signed (within the bank) for 6 years and conencting to
external company using Verisign.
There are othe connections which use the same chain that are working.
Has anyone got any hints or ideas? I'm stumped....
-------------
Error message
-------------
AMQ9633: Bad SSL certificate for channel '<channelname>'.
EXPLANATION:
A certificate encountered during SSL handshaking is regarded as bad for one of
the following reasons:
(a) it was formatted incorrectly and could not be validated
(b) it was formatted correctly but failed validation against the Certification
Authority (CA) root and other certificates held on the local system
(c) it was found in a Certification Revocation List (CRL) on an LDAP server
(d) a CRL was specified but the CRL could not be found on the LDAP server
(e) an OCSP responder has indicated that it is revoked
The channel is '<channelname>'; in some cases its name cannot be
determined and so is shown as '????'. The remote host is
'destinationhostname (destI)(1453)'. The channel did not start.
The details of the certificate which could not be validated are '????'.
The certificate validation error was 575010.
----------------------
Thanks in advance,
Andrew Hunt
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES