admin管理员组

文章数量:1122832

Can someone please help me w/ below problem?

Script Reference : .js

As mentioned in , The SSL/TLS key repository - IBM Documentation

Followed below, for key database creation and added the same certs to kdb file.

Raised a Github issue too : 

openssl x509 -inform PEM -in leafcert.cer -out leafcert.crt
openssl x509 -inform PEM -in root.cer -out root.crt
runmqakm -keydb -create -db certstore.kdb -pw Welcome1 -type pkcs12 -expire 1000 -stash
runmqakm -cert -add -label leafcert.cert -db certstore.kdb -pw Welcome1 -trust enable -file leafcert.crt
runmqakm -cert -add -label root.cert -db certstore.kdb -pw Welcome1 -trust enable -file root.crt

Imported ‘certstore.kdb’ into my script and used properties like below.

this.sco.KeyRepository = '<PATHOFSTH/KDB>';
//this.sco.KeyRepoPassword = 'Welcome1';  //This isn't used
//this.sco.CertificateLabel = 'leafcert.cert';  //This isn't used
this.connectionDefinition.SSLCipherSpec = 'ECDHE_RSA_AES_256_GCM_SHA384';
/** We arent providing Client SSL Certificate and terming it as optional */
this.connectionDefinition.SSLClientAuth = this.MQC.MQSCA_OPTIONAL;

Despite of all above properties setup, still facing “MQRC_SSL_INITIALIZATION_ERROR [2393]” error.

Checked in MQLibrary Logs and see below error:

----- amqccisa.c : 10130 ------------------------------------------------------
11/10/24 06:02:46 - Process(7444.1) User(userx) Program(node)
Host(asadasdas) Installation(MQNI93L24040400P)
VRMF(9.3.0.17)
Time(2024-11-10T06:02:46.268Z)
CommentInsert1([Class=]GSKVALMethod::X509[Issuer=]CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust, Inc. - for authorized use only,OU=See [www.entrust/legal-terms,O=Entrust](,O=Entrust/), Inc.,C=US[#=]0ee94cc30000000051d37785[Subject=]CN=Entrust Certification Aut)
CommentInsert2(gsk_attribute_get_buffer - GSK_UNKNOWNREVOCATIONSTATUS_SUBJECT)
CommentInsert3(EXAMPLE.CHANNEL)

AMQ9716E: Remote SSL certificate revocation status check failed for channel
'EXAMPLE.CHANNEL'.

EXPLANATION:
IBM MQ failed to determine the revocation status of the remote SSL certificate
for one of the following reasons:
(a) The channel was unable to contact any of the CRL servers or OCSP responders
for the certificate.
(b) None of the OCSP responders contacted knows the revocation status of the
certificate.
(c) An OCSP response was received, but the digital signature of the response
could not be verified.

The details of the certificate in question are
'[Class=]GSKVALMethod::X509[Issuer=]CN=Entrust Root Certification Authority -
G2,OU=(c) 2009 Entrust, Inc. - for authorized use only,OU=See
[www.entrust/legal-terms,O=Entrust](,O=Entrust/),
Inc.,C=US[#=]0ee94cc30000000051d37785[Subject=]CN=Entrust Certification Aut'.

The channel name is 'EXAMPLE.CHANNEL'. In some cases the channel name cannot be
determined and so is shown as '????'. The channel did not start.

IBM MQ does not allow the channel to start unless the certificate revocation
status can be determined.
ACTION:
If the certificate contains an AuthorityInfoAccess extension, ensure that the
OCSP server named in the certificate extension is available and is correctly
configured.

If the certificate contains a CrlDistributionPoint extension, ensure that the
CRL server named in the certificate extension is available and is correctly
configured.

If you have specified any CRL or OCSP servers to IBM MQ, check that those
servers are available and are correctly configured.

Ensure that the local key repository has the necessary SSL certificates to
verify the digital signature of the response from the OCSP server.
----- amqccisa.c : 10130 ------------------------------------------------------

 Name:        IBM MQ
Version:     9.3.0.17
Level:       p930-017-240404
BuildType:   IKAP - (Production)
Platform:    IBM MQ for Linux (x86-64 platform)
Mode:        64-bit
O/S:         Linux 4.18.0-553.27.1.el8_10.x86_64
O/S Details: Debian GNU/Linux 12 (bookworm)
InstName:    MQNI93L24040400P
InstDesc:    IBM MQ V9.3.0.17 (Redistributable)
Primary:     N/A
InstPath:    /opt/ibmmqc
DataPath:    /home/IBM/MQ/data
MaxCmdLevel: 930

Ibmmq Nodejs Module:
"dependencies": {
    "ibmmq": "^2.1.0",
    "postinstall": "*"
  }

本文标签: nodejsAMQ9716E Remote SSL certificate revocation status check failed for channel XXXXStack Overflow

版权声明:本文标题:node.js - AMQ9716E: Remote SSL certificate revocation status check failed for channel XXXX - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736303696a1931972.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。