Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Establish TLS connection from Golang to MQ #164

Open
344271 opened this issue Mar 11, 2021 · 5 comments
Open

Establish TLS connection from Golang to MQ #164

344271 opened this issue Mar 11, 2021 · 5 comments

Comments

@344271
Copy link

344271 commented Mar 11, 2021

Please include the following information in your ticket.

  • Version information for MQ, mq-golang, Go compiler
  • A small code sample that demonstrates the issue.

Hello There,
I am referring to the code in the link
https://github.com/ibm-messaging/mq-golang/blob/master/samples/amqsconntls.go

I have a question here, could you please let know how to set up the certificates in the Keystore. Need detailed steps on this please.

sco.KeyRepository = "./mykey"
@ibmmqmet
Copy link
Collaborator

Creating keystores is fully described in the MQ documentation. See for example this page in the KnowledgeCentre

@matrober-uk
Copy link
Member

If it's useful, there is a similar set of instructions in the nextdoor "Golang JMS" repo (programming interface that layers on top of this one) that talks about how to set up your own keystore. That is talking in the context of running one of the test case files, but the steps are equivalent for your own application;
https://github.com/ibm-messaging/mq-golang-jms20/tree/master/tls-samples

The keystore file contents are the same whether you use them from Golang via this MQI style interface or via the "JMS" style interface.

@344271
Copy link
Author

344271 commented Mar 16, 2021

Thanks a lot, Mark. But I am not sure how to use strmqikm (iKeyman) GUI and execute command runmqckm. The link has a lot of info and I am not sure how to start executing the steps. Please guide.

@dware30
Copy link

dware30 commented Mar 16, 2021

There's also more general getting started with MQ and TLS information here:
https://developer.ibm.com/components/ibm-mq/tutorials/mq-secure-msgs-tls/
(pick the second option of C/Golang, not Java)

And this may be of help if you're looking for mutual TLS:
https://stackoverflow.com/questions/63259241/pymqi-connecting-to-ibm-mq-with-ssl
(this is for Python, but that's conceptually similar)

@344271
Copy link
Author

344271 commented Mar 24, 2021
edited
Loading

Hello Team,

I have added the certificates to the key repository. But I am now getting an MQRC 2539 error.

Here's is my go code.

var qMgrName string
resp := true

cno := ibmmq.NewMQCNO()
cd := ibmmq.NewMQCD()
sco := ibmmq.NewMQSCO()

cd.ChannelName = channel
qMgrName = Manager
cd.ConnectionName = future.test
cd.SSLCipherSpec =TLS_RSA_WITH_AES_128_CBC_SHA256
sco.KeyRepository= ./key

cno.ClientConn = cd
cno.SSLConfig = sco
cno.Options = ibmmq.MQCNO_CLIENT_BINDING

MQManager, err = ibmmq.Connx(qMgrName, cno)

if err == nil {
	resp = true
} else {
	resp = false
}

Am I missing any extra parameter here.

Please can you advise how I can resolve this error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ibmmqmet @dware30 @matrober-uk @344271