通过.net客户端通过SSL连接到IBM MQ [英] Connecting to IBM MQ over SSL via .net client

问题描述

我正在尝试通过.NET客户端连接到MQ服务器队列.我需要使用证书进行安全通信.这是我的代码:

I am trying to connect to a MQ server queue via a .NET client. I need to use the certificate for secured communication. Here is the code that I have:

MQEnvironment.SSLKeyRepository = "*SYSTEM";
MQEnvironment.ConnectionName = connectionName;
MQEnvironment.Channel = channelName;
MQEnvironment.properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
MQEnvironment.SSLCipherSpec = "TLS_RSA_WITH_AES_256_CBC_SHA"; 

queueManager = new MQQueueManager(queueManagerName, channelName, connectionName);

queue = queueManager.AccessQueue(SendQueueName,MQC.MQOO_OUTPUT + MQC.MQOO_FAIL_IF_QUIESCING);
queueMessage = new MQMessage();
queueMessage.WriteString(message);
queueMessage.Format = MQC.MQFMT_STRING;
queue.Put(queueMessage, new MQPutMessageOptions());

每次尝试将消息放入队列时，都会收到此错误消息

Every time I try to put the message on the queue, I get this error message

Reason Code: 2059
MQexp.Message: MQRC_Q_MGR_NOT_AVAILABLE

我已经检查了变量的队列管理器名称，队列名称等，它们是正确的. 我还能够在没有SSL的情况下连接到其他队列，我相信我的代码没有提供足够的信息来建立成功的连接.

I have checked my variables for the queue manager name, queue name etc and they are correct. I was also able to connect to a different queue without SSL, I believe that my code is not furnishing enough information to establish a successful connection.

任何帮助，将不胜感激.

Any help on this would be appreciated.

谢谢， 库纳尔

推荐答案

我遇到了相同的问题和错误消息.启用跟踪后，我能够隔离问题. 我一直想知道客户如何从商店中选择正确的客户证书.跟踪输出显示如下:

I had the same problem and error message. After enabling tracing I was able to isolate the problem. I always wondered, how the client is selecting the correct client certificate from the store. The trace output revealed following:

000001B2 15:53:46.828145   20776.10    Created an instance of SSLStreams
000001B3 15:53:46.828145   20776.10    Setting current certificate store as 'Computer'
000001B4 15:53:46.828145   20776.10    Created store object to access certificates
000001B5 15:53:46.834145   20776.10    Opened store
000001B6 15:53:46.834145   20776.10    Accessing certificate - ibmwebspheremqmyusername
000001B7 15:53:46.835145   20776.10    TLS12 supported - True
000001B8 15:53:46.837145   20776.10    Setting SslProtol as Tls
000001B9 15:53:46.837145   20776.10    Starting SSL Authentication

就我而言，我必须将客户端证书的友好名称设置为ibmwebspheremq myusername (用您的用户名替换"myusername")，然后在以及代码:

In my case, I had to set the friendly name of the client certificate to ibmwebspheremqmyusername (replace "myusername" with your userid) and set the label in the code aswell:

properties.Add(MQC.MQCA_CERT_LABEL, "ibmwebspheremqmyusername");  

要启用跟踪，请将以下内容添加到您的app.config/web.config中，该路径指向包含名为 mqtrace.config 的文件的位置:

To enable tracing, add following to your app.config/web.config where the path points to a location that contains a file named mqtrace.config:

<appSettings>
    <add key="MQTRACECONFIGFILEPATH" value="C:\MQTRACECONFIG" />
</appSettings>

mqtrace.config的示例内容(指定的目录必须预先存在):

Sample content of mqtrace.config (specified directories must exist in advance):

<?xml version="1.0" encoding="utf-8"?>
<traceSettings>
  <MQTRACELEVEL>2</MQTRACELEVEL>
  <MQTRACEPATH>C:\MQTRACEPATH</MQTRACEPATH>
  <MQERRORPATH>C:\MQERRORLOGPATH</MQERRORPATH>
</traceSettings>

以下是一些链接，以获取更多详细信息:

Here are some links for more detail:

追踪:
https://www.ibm .com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q123550_.htm 为什么贴标签:
http://www-01.ibm.com/support/docview.wss ?uid = swg21245474

Tracing:
https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q123550_.htm Why label:
http://www-01.ibm.com/support/docview.wss?uid=swg21245474

这篇关于通过.net客户端通过SSL连接到IBM MQ的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！