Mq 2393 Error
Contents |
(troubleshooting) Problem(Abstract) You have configured your WebSphere compcode: 2, reason: 2393 MQ (WMQ) client channel to use the client
Mqje001 Completion Code 2 Reason 2393
channel definition table(CCDT) with Secure Socket Layer(SSL) enabled. Using the amqsputc sample program to mqrc ssl initialization error 2393 connect to your queue manager results in the following: 2393 MQRC_SSL_INITIALIZATION_ERROR Cause The key database modifications are not recognized by the queue mqrc_ssl_initialization_error manager. Whenever changes are made to the certificates in the SSL key database of a WebSphere MQ server (after the SSL channel has been started), then the WMQ security information must be refreshed in order for the changes to be recognized. Resolving the problem MQ
Mq 2381
V5.3 Recycle the queue manager to pick up the SSL configuration changes. MQ V6.0 / V7.0.x.x / V7.1.0.x / V7.5.0.x / 8.0.0.x Recycle the queue manager or use following runmqsc command to refresh SSL: Refresh Security type(ssl) Note: A "modification" of the key database constitutes any additions, or deletions of certificates within the key database, regardless of type (Signer Certificates, Intermediate Certificates, Personal Certificates, and so on.). Product Alias/Synonym WMQ MQ Document information More support for: WebSphere MQ SSL Software version: 5.3, 6.0, 7.0, 7.1, 7.5, 8.0 Operating system(s): AIX, HP-UX, Linux, Solaris, Windows Software edition: All Editions Reference #: 1236521 Modified date: 02 December 2014 Site availability Site assistance Contact and feedback Need support? Submit feedback to IBM Support 1-800-IBM-7378 (USA) Directory of worldwide contacts Contact Privacy Terms of use Accessibility
with a mandatory word, e.g. keyword2 keyword1 +keyword2 Questions excluding a word, e.g. keyword2 keyword1 -keyword2 Questions with a specific tag and keyword(s) +[tag1] keyword1 Questions with two or more specific tags and https://developer.ibm.com/answers/questions/187285/why-is-a-mqrc-ssl-initialization-error-displayed-w.html keyword(s) +[tag1] +[tag2] keyword1 To search for all posts by a user or all posts with a specific tag, start typing and choose from the suggestion list. Tags Spaces API Connect Appsecdev BPM Blockchain http://stackoverflow.com/questions/4400171/c-sharp-ssl-with-websphere-mq-version-7-0-1 Bluemix CICS Cloud Analytics Cloud marketplace Content Services (ECM) Continuous Testing Courses DB2 LUW DataPower Decision Optimization DevOps Services Digital Experience Hadoop IBM Design IIDR ITOA InformationServer Integration Bus Internet of Things LinuxONE code 2 MDM Mainframe Messaging Node.js ODM Open Predictive Analytics PureData for Analytics Push Run Book Automation Storage Streamsdev Swift UrbanCode WASdev WSRR Watson dW Answers Help dW Premium developerWorks Team Watson Health More Users Badges Ask a question Why is a MQRC SSL initialization error displayed when you use SSL CipherSpec ECDHE_RSA_AES_256_CBC_SHA384 to connect from the IBM Explorer for z/OS to a WebSphere MQ z/OS queue manager mq 2393 error ? Question by Juan Zhang (Judy) ( 369) | Apr 21, 2015 at 01:19 AM mqmessagingssldefaultmq390 You are using IBM Explorer for z/OS with the MQ plug-in. You use SSL CipherSpec ECDHE_RSA_AES_256_CBC_SHA384 to connect to a queue manager on z/OS. The following exception is generated: "MQRC 2393 (0959) (RC2393): MQRC_SSL_INITIALIZATION_ERROR" People who like this Close 0 Comment 10 |3000 characters needed characters left characters exceeded Viewable by all users Viewable by moderators Viewable by moderators and the original poster Viewable by all users 1 reply · Add your answer Sort: Accepted answer Answer by Juan Zhang (Judy) (369) | Apr 21, 2015 at 01:20 AM You are using a JRE earlier than version 7, or your JRE has not been enabled for full strength cryptography. SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 is supported by the JRE from IBM, starting at Java™ 7. Enable trace of the WMQ classes for Java by adding the following 2 lines to the eclipse.ini file in the IBM Explorer for z/OS installation directory: -Dcom.ibm.msg.client.commonservices.trace.status=ON -Dcom.ibm.mq.integrateJMSTrace=true the following messages are shown: 11:17:14.404.04 0006 Cannot support SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 with currently installed providers [java.lang.IllegalArgumentException] at: 11:17:14.404.04 0006 com.ibm.jsse2.m.(m.java:114) 11:17:14.404.04 0006 com.ibm.jsse2.qc.setEnabledCipherSuites(qc.java: 488) Ensure that the IBM Explorer for z/OS is runn
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 6.2 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up C# - SSL with Websphere MQ version 7.0.1 up vote 1 down vote favorite 1 When connecting to an SSL enabled queue manager using C#, what values do I need to set to get the queues to work? I currently get this error: Reason Code: 2393 MQRC_SSL_INITIALIZATION_ERROR In my code I am setting the MQEnvironment.SSLKeyRepository and MQEnvironment.SSLCipherSpec Is there something else I need to set with C# to make this work? I have seen some Java examples that set keystore passwords and types and things. I have also seen examples setting system environment variables too, but that hasn't seemed to make any difference either. c# ssl websphere-mq share|improve this question asked Dec 9 '10 at 15:52 The Sasquatch 3711617 add a comment| 1 Answer 1 active oldest votes up vote 1 down vote accepted The general pattern for debugging WMQ SSL is as follows... Get the application to connect using no SSL. This eliminates problems with connectivity, wrong queue or queue manager names, etc. Get SSL working with server-only authentication. This means setting SSLCAUTH(OPTIONAL) on the SVRCONN channel. The QMgr will present a certificate that the application must trust but the application does not need to authenticate back to the server. This validates that both the application and the QMgr can access their keystores and that the QMgr's certificate or CA chain are properly loaded in the app's keystore. Finally, set SSLCAUTH(REQUIRED) in the SVRCONN channel so that the application authenticates back to the QMgr. At this point the only possible problems are that the QMgr doesn't trust the app's cert or CA. If the connection attempt is refused by the QMgr, the errors at the client will purposely be cryptic. The detailed messages will be found in the QMgr's AMQERR??.LOG files. If the fa