- MQ8. I created two channels, FOO and SYSTEM.ADMIN.SVRCONN in a new queue manager MYQMGR.
- I created a TCP listener on port 1414.
- I created a kdb and associated files in /var/mqm/qmgrs/MYQMGR/ssl, with a server certificate for the qmgr.
- I checked SSLKEYR on the qmgr is set to the right value: /var/mqm/qmgrs/MYQMGR/ssl/key in my case.
- I set SSLCIPH on both channels to TLS_RSA_WITH_AES_128_CBC_SHA256.
- I stopped and started the queue manager.
This being an SSL connection, I'd expect to be able to use openssl s_client -connect localhost:1414 to check if it works at all. However I just get:
CONNECTED(00000003)
140512696194912:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Which sounds to me like there's no one speaking SSL on the port. What am I missing?
See below for output of DISPLAY LISTENER(*) ALL, DISPLAY QMGR and DISPLAY CHANNEL(*) ALL:
DISPLAY LISTENER(*) ALL
4 : DISPLAY LISTENER(*) ALL
AMQ8630: Display listener information details.
LISTENER(ADEP.DEV.LISTENER) CONTROL(QMGR)
TRPTYPE(TCP) PORT(1414)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2017-01-17)
ALTTIME(12.00.31)
AMQ8630: Display listener information details.
LISTENER(SYSTEM.DEFAULT.LISTENER.TCP) CONTROL(MANUAL)
TRPTYPE(TCP) PORT(0)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2017-01-17)
ALTTIME(12.00.31)
DISPLAY QMGR
1 : DISPLAY QMGR
AMQ8408: Display Queue Manager details.
QMNAME(MYQMGR) ACCTCONO(DISABLED)
ACCTINT(1800) ACCTMQI(OFF)
ACCTQ(OFF) ACTIVREC(MSG)
ACTVCONO(DISABLED) ACTVTRC(OFF)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
AUTHOREV(DISABLED) CCSID(1208)
CERTLABL(ibmwebspheremqfoo) CERTVPOL(ANY)
CHAD(DISABLED) CHADEV(DISABLED)
CHADEXIT( ) CHLEV(DISABLED)
CHLAUTH(DISABLED) CLWLDATA( )
CLWLEXIT( ) CLWLLEN(100)
CLWLMRUC(999999999) CLWLUSEQ(LOCAL)
CMDEV(DISABLED) CMDLEVEL(800)
COMMANDQ(SYSTEM.ADMIN.COMMAND.QUEUE) CONFIGEV(DISABLED)
CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
CRDATE(2017-01-17) CRTIME(12.00.30)
CUSTOM( ) DEADQ(DLQ)
DEFCLXQ(SCTQ) DEFXMITQ( )
DESCR( ) DISTL(YES)
INHIBTEV(DISABLED) IPADDRV(IPV4)
LOCALEV(DISABLED) LOGGEREV(DISABLED)
MARKINT(5000) MAXHANDS(256)
MAXMSGL(4194304) MAXPROPL(NOLIMIT)
MAXPRTY(9) MAXUMSGS(10000)
MONACLS(QMGR) MONCHL(OFF)
MONQ(OFF) PARENT( )
PERFMEV(DISABLED) PLATFORM(UNIX)
PSMODE(ENABLED) PSCLUS(ENABLED)
PSNPMSG(DISCARD) PSNPRES(NORMAL)
PSRTYCNT(5) PSSYNCPT(IFPER)
QMID(MYQMGR_2017-01-17_12.00.30) REMOTEEV(DISABLED)
REPOS( ) REPOSNL( )
REVDNS(ENABLED) ROUTEREC(MSG)
SCHINIT(QMGR) SCMDSERV(QMGR)
SPLCAP(ENABLED) SSLCRLNL( )
SSLCRYP( ) SSLEV(DISABLED)
SSLFIPS(NO)
SSLKEYR(/var/mqm/qmgrs/MYQMGR/ssl/key)
SSLRKEYC(0) STATACLS(QMGR)
STATCHL(OFF) STATINT(1800)
STATMQI(OFF) STATQ(OFF)
STRSTPEV(ENABLED) SUITEB(NONE)
SYNCPT TREELIFE(1800)
TRIGINT(999999999) VERSION(08000004)
XRCAP(YES)
DISPLAY CHANNEL(*) ALL
2 : DISPLAY CHANNEL(*) ALL
AMQ8414: Display Channel details.
CHANNEL(FOO) CHLTYPE(SVRCONN)
ALTDATE(2017-01-18) ALTTIME(02.36.46)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE)
DESCR(Channel to Put and Get from AL)
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-18) ALTTIME(02.39.40)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.AUTO.RECEIVER) CHLTYPE(RCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
DESCR(Auto-defined by) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
MRDATA( ) MREXIT( )
MRRTY(10) MRTMR(1000)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.AUTO.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR(Auto-defined by)
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLUSRCVR) CHLTYPE(CLUSRCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) CLUSNL( )
CLUSTER( ) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME( ) CONVERT(NO)
DESCR( ) DISCINT(6000)
HBINT(300) KAINT(AUTO)
LOCLADDR( ) LONGRTY(999999999)
LONGTMR(1200) MAXMSGL(4194304)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLUSSDR) CHLTYPE(CLUSSDR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER( )
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.RECEIVER) CHLTYPE(RCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
DESCR( ) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
MRDATA( ) MREXIT( )
MRRTY(10) MRTMR(1000)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.REQUESTER) CHLTYPE(RQSTR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
CONNAME( ) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MCANAME( ) MCATYPE(PROCESS)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NPMSPEED(FAST)
PASSWORD( ) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SENDER) CHLTYPE(SDR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(PROCESS) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
XMITQ( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SERVER) CHLTYPE(SVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(PROCESS) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
USERID( ) XMITQ( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLNTCONN) CHLTYPE(CLNTCONN)
AFFINITY(PREFERRED) ALTDATE(2017-01-17)
ALTTIME(12.00.31) CERTLABL( )
CLNTWGHT(0) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
DEFRECON(NO) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME( ) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCIPH( ) SSLPEER( )
TPNAME( ) TRPTYPE(TCP)
USERID( )
ibmwebspheremqfoomatch the label of the cert in thekey.kdbfile? Does thekey.kdbfile contain the full chain of issuing certs (ex: root and intermediate)? - JoshMc