Certificate label when the .NET MQ client fetches a certificate from the Windows cert store

Time: 2016-01-15 19:02:37

Tags: .net ssl ibm-mq mq digital-certificate

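I have set the KeyStore to *USER to pick up the certificate from the Windows certificate store. The MQ client application is trying to look up the certificate using the label name, as shown in the log from the client trace. I tried setting CertificateLabel from client.ini and from code, but it does not override the value.

How can I change it? Even if I can override it, how do I change the label of a certificate that I imported directly into the certificate store?

Please help.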

000001B6 12:23:39.868134 4236.8 Created store object to access certificates 
000001B7 12:23:39.868134 4236.8 Opened store 
000001B8 12:23:39.868134 4236.8 Accessing certificate - **ibmwebspheremq(username)** 


How should I change the label in the certificate store for the existing certificate?

And then it throws the below exception:

000001B9 12:23:39.868134 4236.8 TLS12 supported - True 
000001BA 12:23:39.868134 4236.8 Setting SslProtol as Tls 
000001BB 12:23:39.868134 4236.8 Starting SSL Authentication 
000001BC 12:23:39.868134 4236.8 ------------{ MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) 
000001BD 12:23:39.868134 4236.8 Client callback has been invoked to find client certificate 
000001BE 12:23:39.868134 4236.8 ------------} MQEncryptedSocket.FixClientCertificate(Object,String,X509CertificateCollection,X509Certificate,String[]) rc=OK 
000001BF 12:23:40.507601 4236.8 System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

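1 Answer:

Answer 0: (score: 1)

I just worked through this exact same problem with MQ v.8 over the past two days and found Shashi's link useful, but it did not completely solve my problem. In addition to the instructions at that link, you also need to make sure the "friendly name" of the certificate in the store conforms to the MQ certificate label naming convention, i.e. ibmwebspheremq<logonuserID>

For example, suppose you are currently logged in with the logon ID jdoe. When you run the MQ client, the MQ client library looks for a certificate whose friendly name matches ibmwebspheremqjdoe. In the end, I only had to add the following two properties to connect successfully: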

properties.Add(MQC.SSL_CERT_STORE_PROPERTY, "*SYSTEM");
properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA");

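Keep in mind that I installed the CA-signed certificate into the "Local Computer" key store rather than the user key store. That is why I specified *SYSTEM in SSL_CERT_STORE_PROPERTY.

Here are all the properties I used: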

properties = new Hashtable();
properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
properties.Add(MQC.HOST_NAME_PROPERTY, hostName);
properties.Add(MQC.PORT_PROPERTY, port);
properties.Add(MQC.CHANNEL_PROPERTY, channelName);
properties.Add(MQC.SSL_CERT_STORE_PROPERTY, "*SYSTEM");
properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA");
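
A preflight check for the friendly-name convention described in the answer above, added here as an example and not part of the original post or of IBM's code: it lists the certificates in the store that *USER or *SYSTEM selects, reports whether one carries the expected label together with a private key, and optionally sets the friendly name on a certificate identified by thumbprint. The class name, the command-line arguments, the use of the Personal (My) store and the lower-casing of the user ID are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical tool): MqCertLabelCheck.exe *SYSTEM|*USER [thumbprint-to-relabel]
static class MqCertLabelCheck
{
    static int Main(string[] args)
    {
        string keyStore = args.Length > 0 ? args[0] : "*USER";
        string relabel = args.Length > 1 ? args[1] : null;
        // *SYSTEM -> Local Computer store, *USER -> Current User store (as in the answer above).
        StoreLocation location = keyStore.Equals("*SYSTEM", StringComparison.OrdinalIgnoreCase)
            ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
        // Convention from the answer: "ibmwebspheremq" + logon user ID.
        // Lower-casing the user ID is an assumption of this example.
        string label = "ibmwebspheremq" + Environment.UserName.ToLowerInvariant();

        // Assumption: the client certificate lives in the Personal ("My") store.
        var store = new X509Store(StoreName.My, location);
        try
        {
            // ReadWrite only when relabelling; the LocalMachine store then needs elevation.
            store.Open(relabel != null ? OpenFlags.ReadWrite : OpenFlags.ReadOnly);
            int usable = 0;
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (relabel != null && cert.Thumbprint.Equals(relabel, StringComparison.OrdinalIgnoreCase))
                    cert.FriendlyName = label;   // written back to the Windows store

                bool labelOk = string.Equals(cert.FriendlyName, label, StringComparison.OrdinalIgnoreCase);
                bool inDate = DateTime.Now >= cert.NotBefore && DateTime.Now <= cert.NotAfter;
                Console.WriteLine("{0}  friendlyName='{1}'  privateKey={2}  inDate={3}  subject={4}",
                    cert.Thumbprint, cert.FriendlyName, cert.HasPrivateKey, inDate, cert.Subject);
                // A client certificate is only usable with its private key and inside its validity window.
                if (labelOk && cert.HasPrivateKey && inDate) usable++;
            }
            Console.WriteLine("Expected label: {0}; usable matching certificates: {1}", label, usable);
            return usable == 1 ? 0 : 1;   // zero matches or several matches both need attention
        }
        finally
        {
            store.Close();
        }
    }
}
```

Run it under the same account as the MQ client, since the expected label is derived from the logged-on user.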