c# - IBMMQDotnetClient connection with TLS 1.2 + kdb certificate
Problem description
I am trying to connect to IBM MQ using the .NET library "IBMMQDotnetClient" version 9.2.3. This connection must use TLS 1.2.
properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
properties.Add(MQC.HOST_NAME_PROPERTY, _hostname);
properties.Add(MQC.PORT_PROPERTY, port);
properties.Add(MQC.CHANNEL_PROPERTY, channel);
properties.Add(MQC.SSL_CERT_STORE_PROPERTY, @"C:\Root\ssl\keystore");
properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA256");
properties.Add(MQC.CERT_LABEL_PROPERTY, certLabel);
When I call:
_mqQueueManager = new MQQueueManager(queueManager, properties);
I receive the following MQException: reason 2195 - message "MQRC_UNEXPECTED_ERROR"
Does anyone know how to connect to IBM MQ from a C# .NET Core project using .kdb/.sth certificates?
In the MQTRACEPATH log, I see:
000001CA 13:08:12.582896 29080.1 -----------} MQTCPConnection.ConnectUsingLocalAddr(ParsedLocalAddr,IPAddress,int) rc=OK
000001CB 13:08:12.582914 29080.1 IP:*****
000001CC 13:08:12.583357 29080.1 Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0083A9E6 MQMBID sn=p923-L210708 su=_rwPC4d_rEeuJxYd83sYP-w pn=basedotnet/nmqi/NmqiObject.cs
000001CD 13:08:12.583376 29080.1 Constructing IBM.WMQ.Nmqi.MQEncryptedSocket#0083A9E6 MQMBID sn=p923-L210708 su=_rwPC4d_rEeuJxYd83sYP-w pn=basedotnet/nmqi/MQEncryptedSocket_s.cs
000001CE 13:08:12.583712 29080.1 -----------{ MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions)
000001CF 13:08:12.583850 29080.1 IBM.WMQ.Nmqi.MQEncryptedSocket#0083A9E6 throwing MQException: cc=2 rc=2381
000001D0 13:08:12.584052 29080.1 New MQException CompCode: 2 Reason: 2381
000001D1 13:08:12.586100 29080.1 -----------}! MQEncryptedSocket.RetrieveAndValidateSSLParams(MQConnectOptions) rc=(Unknown(2381))
000001D2 13:08:12.586901 29080.1 CompCode: 2, Reason: 2381
000001D3 13:08:12.586982 29080.1 New MQException CompCode: 2 Reason: 2538
000001D4 13:08:12.588392 29080.1 -----------{ ManagedCommonServices.GetMessage(string objectId,uint returncode,uint control,out string basicmessage,out string extendedmessage,out string replymessage,MQLONG basicLength,MQLONG extendedLength,MQLONG replyLength)
000001D5 13:08:12.588428 29080.1 Returncode: 0x20009202 Control: 0x00000006
000001D6 13:08:12.590143 29080.1 -----------}! ManagedCommonServices.GetMessage(string objectId,uint returncode,uint control,out string basicmessage,out string extendedmessage,out string replymessage,MQLONG basicLength,MQLONG extendedLength,MQLONG replyLength) rc=(Unknown(536895768))
000001D7 13:08:12.591130 29080.1 -----------{ ManagedCommonServices.DisplayMessage(string,string,uint,uint)
000001D8 13:08:12.634418 29080.1 ------------{ ManagedCommonServices.GetMessage(string objectId,uint returncode,uint control,out string basicmessage,out string extendedmessage,out string replymessage,MQLONG basicLength,MQLONG extendedLength,MQLONG replyLength)
000001D9 13:08:12.634472 29080.1 Returncode: 0x20009202 Control: 0x00000013
000001DA 13:08:12.634686 29080.1 ------------}! ManagedCommonServices.GetMessage(string objectId,uint returncode,uint control,out string basicmessage,out string extendedmessage,out string replymessage,MQLONG basicLength,MQLONG extendedLength,MQLONG replyLength) rc=(Unknown(536895768))
000001DB 13:08:12.634805 29080.1 -----------}! ManagedCommonServices.DisplayMessage(string,string,uint,uint) rc=(Unknown(536895768))
000001DC 13:08:12.634880 29080.1 ----------} MQTCPConnection.ConnectSocket(string,string,MQLONG) rc=OK
000001DD 13:08:12.634996 29080.1 CompCode: 2, Reason: 2538
000001DE 13:08:12.635362 29080.1 New MQException CompCode: 2 Reason: 2538
000001DF 13:08:12.635379 29080.1 New NmqiException CompCode: 2 Reason: 2538
000001E0 13:08:12.635498 29080.1 ----------{ MQFAPConnection.CleanUp(Boolean,NmqiException) inputs [False] [CompCode: 2, Reason: 2538]
000001E1 13:08:12.635514 29080.1 ----------} MQFAPConnection.CleanUp(Boolean,NmqiException) rc=OK
000001E2 13:08:12.635594 29080.1 ---------} MQFAPConnection.Connect(MQConnectionSecurityParameters) rc=OK
000001E3 13:08:12.635614 29080.1 CompCode: 2, Reason: 2538
000001E4 13:08:12.635738 29080.1 --------} MQConnectionSpecification.CreateAndConnectConnection(MQConnectionSecurityParameters,MQFAP,String,MQConnectOptions,int) rc=OK
000001E5 13:08:12.635761 29080.1 -------} MQConnectionSpecification.GetSessionFromNewConnection(MQConnectionSecurityParameters,MQFAP,String,MQConnectOptions,int) rc=OK
000001E6 13:08:12.635768 29080.1 Exit AssingSession from new connection:
000001E7 13:08:12.635775 29080.1 ------} MQConnectionSpecification.GetSession(MQConnectionSecurityParameters,MQFAP,String,MQConnectOptions,int) rc=OK
000001E8 13:08:12.635782 29080.1 -----} MQFAPConnectionPool.GetSession(MQConnectOptions,MQConnectionSecurityParameters,MQChannelDefinition,String,int,String,String,int,int) rc=OK
000001E9 13:08:12.635791 29080.1 CompCode: 2, Reason: 2538
000001EA 13:08:12.635847 29080.1 New MQException CompCode: 2 Reason: 2538
000001EB 13:08:12.635857 29080.1 New NmqiException CompCode: 2 Reason: 2538
000001EC 13:08:12.635906 29080.1 CompCode: 2, Reason: 2538
000001ED 13:08:12.635973 29080.1 ----} MQFAP.NmqiConnect(String,NmqiConnectOptions,MQConnectOptions,Hconn,Phconn,out int,out int,ManagedHconn) rc=OK
000001EE 13:08:12.636003 29080.1 CompCode: 2, Reason: 2538
000001EF 13:08:12.636016 29080.1 ---} MQFAP.MQCONNX(String,MQConnectOptions,Phconn,out int,out int) rc=OK
000001F0 13:08:12.636026 29080.1 IBM.WMQ.MQQueueManager#03551B1B throwing MQException: cc=2 rc=2538
000001F1 13:08:12.636033 29080.1 New MQException CompCode: 2 Reason: 2538
000001F2 13:08:12.654150 29080.1 --}! MQQueueManager.Connect() rc=(Unknown(2538))
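Solution
Managed mode is the only mode supported in Core, and it uses the Windows user or system key store. You need to specify *USER or *SYSTEM as your MQC.SSL_CERT_STORE_PROPERTY. You need to import your certificate into the corresponding Windows key store.
Note that in managed mode, the cipher you specify is only used to determine which TLS version to use; the cipher actually negotiated may not be the one you specified. In your example, it will negotiate to a TLS1.2 cipher. If the SVRCONN SSLCIPH does not match what was negotiated, the connection will fail. If the queue manager is also 9.2, you can specify ANY_TLS12 or ANY_TLS12_OR_HIGHER in the SVRCONN SSLCIPH to allow it to accept any available TLS1.2 cipher that is negotiated.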
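The change described in the answer, as an added example that is not part of the original post: the question's connection properties with the key store switched to *USER, preceded by a check that the client certificate is actually usable from the Windows store. The class and method names are hypothetical, and the example assumes the certificate was imported into the current user's Personal store with a friendly name equal to the certificate label.

```csharp
using System;
using System.Collections;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using IBM.WMQ;

static class MqTlsConnect   // hypothetical helper, not part of the IBM library
{
    // Pre-flight check so a missing or unusable certificate fails with a clear
    // message instead of a generic reason code from the TLS setup.
    // Assumption: friendly name == certificate label, store = CurrentUser\My.
    static void RequireClientCert(string certLabel)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var cert = store.Certificates.Cast<X509Certificate2>().FirstOrDefault(c =>
            string.Equals(c.FriendlyName, certLabel, StringComparison.OrdinalIgnoreCase));
        if (cert == null)
            throw new InvalidOperationException($"No certificate labelled '{certLabel}' in CurrentUser\\My.");
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate was imported without its private key.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException($"Certificate is outside its validity period ({cert.NotAfter:u}).");
    }

    public static MQQueueManager Connect(string queueManager, string hostname,
                                         int port, string channel, string certLabel)
    {
        RequireClientCert(certLabel);
        var properties = new Hashtable
        {
            { MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED },
            { MQC.HOST_NAME_PROPERTY, hostname },
            { MQC.PORT_PROPERTY, port },
            { MQC.CHANNEL_PROPERTY, channel },
            // Managed mode reads the Windows store, not a .kdb path.
            { MQC.SSL_CERT_STORE_PROPERTY, "*USER" },
            // In managed mode this only selects the TLS version (TLS 1.2 here);
            // the SVRCONN SSLCIPH must accept whatever cipher is negotiated,
            // e.g. ANY_TLS12 on a 9.2 queue manager.
            { MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA256" },
            { MQC.CERT_LABEL_PROPERTY, certLabel }
        };
        try { return new MQQueueManager(queueManager, properties); }
        catch (MQException ex)
        {
            Console.Error.WriteLine($"MQ connect failed, reason {ex.ReasonCode}: {ex.Message}");
            throw;
        }
    }
}
```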