Morag Hughson
Wed, 30 Aug 2006 07:45:45 -0700
I have never had the opportunity to work with ACF2 - all my experience is with RACF, but in case it helps, the error messages you are seeing mean the following:-
---------------------------------
-35 Certificate validation error.

Explanation: An error is detected while validating a certificate. This error can occur if a root CA certificate is not found in the key database or SAF keyring or if the certificate is not marked as a trusted certificate.

User response: Verify that the root CA certificate is in the key database or SAF keyring and is marked as trusted. Check all certificates in the certification chain and verify that they are trusted and are not expired. Collect a System SSL trace containing the error and then contact your service representative if the problem persists.
---------------------------------
-53 Internal error reported by remote partner.

Explanation: The peer application has detected an internal error while performing an SSL operation and has sent an alert to close the secure connection.

User response: Check the error log for the remote application to determine the nature of the processing error.
---------------------------------

Depending on whether you are using self-signed certificates or CA-signed certificates the problem you are seeing will be slightly different.

If you are using self-signed certificates, a copy of the partner queue manager's certificate must be connected to the local queue manager's key ring. In RACF this is the same command as the one you use to connect the queue manager's own certificate to the keyring.

If you are using CA-signed certificates, a copy of the signing certificate (that is the one which signed the partner queue manager's certificate) must be connected to the local queue manager's key ring. In RACF this is the same command as the one you use to connect the queue manager's own certificate to the keyring with one minor difference. The difference in the RACF command is that where you say the certificate is owned by a specific user ID, ( ... RACDCERT CONNECT(ID(user-id-of-cert) ...) you instead say that it is a CA certificate, ( ... RACDCERT CONNECT(CERTAUTH ...).
There should be similar commands in ACF2. If you have the syntax that you're using in ACF2 I'd be happy to have a look and see what might be missing, knowing what the steps are in RACF.

Cheers
Morag

Morag Hughson
WebSphere MQ for z/OS Development
Telephone: +44 (0) 1962 816900
Internet: [EMAIL PROTECTED]
Lotus Notes: Morag Hughson/UK/IBM

JD Ross <[EMAIL PROTECTED]>
Sent by: MQSeries List <MQSERIES@LISTSERV.MEDUNIWIEN.AC.AT>
22/08/2006 20:58
Please respond to MQSeries List <MQSERIES@LISTSERV.MEDUNIWIEN.AC.AT>
To: MQSERIES@LISTSERV.MEDUNIWIEN.AC.AT
cc:
Subject: MQ SSL Channels zOS MQ 5.3.1 using ACF2 - anyone ever get it to work?

Hello,

Has anyone out there successfully connected MQ channels using SSL on zOS using MQ 5.3.1? Both sides see return codes, -35 on one, -53 on the other.

Any insight on the commands used to create certs would be appreciated. I believe my team is right on the edge of getting this working, but something is missing.

Thanks in advance.

To unsubscribe, write to [EMAIL PROTECTED] and, in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
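
The RACF key ring steps described in the reply above, written out in full as an added example; it is not part of the original thread and not the poster's or IBM's own commands. The user ID QMGRUSR, the ring name QM1RING, the certificate labels and the data set names are hypothetical placeholders, and the SETROPTS line applies only where the DIGTCERT and DIGTRING classes are RACLISTed.

```tso
/* Constructed example: QMGRUSR, QM1RING, the labels and the     */
/* data set names are placeholders, not values from the thread.  */

/* Queue manager's own certificate, connected to its key ring    */
RACDCERT ID(QMGRUSR) CONNECT(ID(QMGRUSR) LABEL('QM1 Certificate') RING(QM1RING))

/* CA-signed case: add the certificate that signed the partner's */
/* certificate as a trusted CA certificate ...                   */
RACDCERT CERTAUTH ADD('QMGRUSR.PARTNER.CACERT') WITHLABEL('Partner CA') TRUST
/* ... and connect it with CERTAUTH in place of ID(user-id)      */
RACDCERT ID(QMGRUSR) CONNECT(CERTAUTH LABEL('Partner CA') RING(QM1RING))

/* Self-signed case: add a copy of the partner queue manager's   */
/* certificate and connect it like the queue manager's own       */
RACDCERT ID(QMGRUSR) ADD('QMGRUSR.PARTNER.QM2CERT') WITHLABEL('QM2 Certificate') TRUST
RACDCERT ID(QMGRUSR) CONNECT(ID(QMGRUSR) LABEL('QM2 Certificate') RING(QM1RING))

/* Checks against the -35 causes: every certificate in the chain */
/* is on the ring, has status TRUST and has not expired          */
RACDCERT ID(QMGRUSR) LISTRING(QM1RING)
RACDCERT CERTAUTH LIST(LABEL('Partner CA'))

/* Refresh the in-storage profiles after changing certificates   */
SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH
```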