Discussion:
SSL Connection problem between MQ and WAS
Jacky Bright
2013-06-25 22:42:47 UTC
Permalink
We have configured the SSL Sender channel from MQ to WAS with SSL Cipher.
WAS Side also Receiver Link was configured properly. But still when I start
the MQ Sender Channel it goes in Binding for a long time and then finally
status becomes Retrying state.

MQ Side errors:

MQ9665: SSL connection closed by remote end of channel '????'.

EXPLANATION:
The SSL connection was closed by the remote end of the channel during
the SSL
handshake. The channel is '????'; in some cases its name cannot be
determined
and so is shown as '????'. The channel did not start.
ACTION:
Check the remote end of the channel for SSL-related errors. Fix them
and
restart the channel.

But I my all other SSL Channels with same parms working fine with other MQ
QMGRs. There seems to be problem only with this WAS connection. From WAS
Side there are few SSL exceptions with need_unwrap.

Any idea what could be the issue ?

Rgds,
JAcky

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Neil Casey
2013-06-26 02:17:11 UTC
Permalink
Hi Jacky,

do your certificates include CDP or OCSP information?

If they do, then various levels of MQ and/or WAS software may try to honor
that information by retrieving the revocation information. If the
responders/servers are not available, or if firewalls block access, you
could see delays and/or failed sessions, depending on configuration of MQ
and WAS.



Regards

Neil Casey
Technical Consultant Messaging


Phone: +61-3-8641-1068 | Mobile: +61-438-573-152
E-mail: Neil.Casey-***@public.gmane.org


c/- NAB 14/555 Collins St
Melbourne, Vic 3000
Australia






Disclaimer: Opinions expressed are those of the author, and not IBM
Corporation. No commitment is expressed or implied.



From: Jacky Bright <jacky.bright-8a+***@public.gmane.org>
To: MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org,
Date: 26/06/2013 09:11
Subject: SSL Connection problem between MQ and WAS
Sent by: MQSeries List <MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org>



We have configured the SSL Sender channel from MQ to WAS with SSL Cipher.
WAS Side also Receiver Link was configured properly. But still when I
start the MQ Sender Channel it goes in Binding for a long time and then
finally status becomes Retrying state.

MQ Side errors:

MQ9665: SSL connection closed by remote end of channel '????'.

EXPLANATION:
The SSL connection was closed by the remote end of the channel during
the SSL
handshake. The channel is '????'; in some cases its name cannot be
determined
and so is shown as '????'. The channel did not start.
ACTION:
Check the remote end of the channel for SSL-related errors. Fix them
and
restart the channel.

But I my all other SSL Channels with same parms working fine with other MQ
QMGRs. There seems to be problem only with this WAS connection. From WAS
Side there are few SSL exceptions with need_unwrap.

Any idea what could be the issue ?

Rgds,
JAcky




List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html

Loading...