Troubleshooting

You might encounter some errors while creating secure connections to the queue manager. By verifying simple details these errors can be resolved.

Some of the possible errors you might encounter and their resolutions are as follows:

  • If you do not know the correct cipher, leave the field blank and press Test Connection. It cycles through all the available ciphers until it finds one that works and report it in the status dialog to the right. If no cipher is accepted, you might have to change the configuration of the server channel.
  • Disable client authentication. This means that the queue manager does not check that it trusts the signer of the plug-in's certificate. If it works with client authentication disabled but not with it enabled, then the two parties do not have all the signing CA certificates in place.
  • Check the queue manager's log files. These files are in the queue manager's work directory under "errors". For the queue manager above, this file is:

    /var/mqm/qmgrs/qmwn/errors/AMQERR01.LOG

    A typical error from that file looks like: 

    ----- amqrmrsa.c : 889 --------------------------------------------------------
12/07/2012 02:46:09 PM - Process(15433.5) User(jsmith) Program(amqrmppa)
                    Host(bilbo.jrr.org) Installation(Installation1)
                    VRMF(7.5.0.0) QMgr(qmwn)
                   
AMQ9660: SSL key repository: password stash file absent or unusable.

EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to
access it. Reasons giving rise to this error include: 
(a) the key database file and password stash file are not present in the
  location configured for the key repository, 
(b) the key database file exists in the correct place but that no password
  stash file has been created for it, 
(c) the files are present in the correct place but the userid under which MQ is
  running does not have permission to read them, 
(d) one or both of the files are corrupt. 

The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.
----- amqccisa.c : 5540 -------------------------------------------------------
12/07/2012 02:46:09 PM - Process(15433.5) User(jsmith) Program(amqrmppa)
                    Host(bilbo.jrr.org) Installation(Installation1)
                    VRMF(7.5.0.0) QMgr(qmwn)

    This error occurred because the queue manager does not have read permission to the files in the SSL directory. This happened because the default file creation mask does not support group read.