stackoom
  简体   繁体   中英

Implement SSL in IBM MQ in Node js

 原文  2020-09-29 05:08:56       node.js/ ssl/ ibm-mq/ jks

Question

Trying to publish and subscribe message from IBM MQ 9 which has Cipher suite, user id, password, mykey.kdb file for SSL connection. we are able to connect through SSL with java. but want to do same thing with node js. While trying to do so we are getting SSL_INITIALISATION_ERROR . In AMQERR01.LOG we are Seeing below error block:

AMQ6090I:MQM could not display text for error 3456322
COMMENTINSERT3(SSLCIPH(' ') -> SSLCIPH(???))

can anyone help me on connecting to MQ using NOde js?

1 answers

solution1
 2  2020-09-30 10:04:52

If you have TLS working with Java, then in most likelihood you have the server configured correctly.

To run a Node.js MQ Client in TLS mode needs code that sets the cipher spec and identifies the location of the client keys.

  const KEY_REPOSITORY = "../keys/clientkey";
  const CIPHER = "TLS_RSA_WITH_AES_128_CBC_SHA256";


  var cno = new mq.MQCNO();

  // code that sets up cno object
  // like Options and MQCSP credentials


  var cd = new mq.MQCD();
  // And then fill in relevant fields for the MQCD
  // like ChannelName and ConnectionName

  // If running in TLS Mode 
  cd.SSLCipherSpec = CIPHER;
  cd.SSLClientAuth = MQC.MQSCA_OPTIONAL;


  var sco = new mq.MQSCO();

  sco.KeyRepository = KEY_REPOSITORY;
  // And make the CNO refer to the SSL Connection Options
  cno.SSLConfig = sco;

For java you are most likely using a .jks client keystore. For MQI based Clients (Node, Python, Go, C), you need a key database and stash file.

As you will need to have installed the MQI client, you can run the runmqakm tool to create them:


runmqakm -keydb -create -db clientkey.kdb -pw tru5tpassw0rd -type pkcs12 -expire 1000 -stash

and import the server's public key certificate into the client key database

runmqakm -cert -add -label QM1.cert -db clientkey.kdb -pw tru5tpassw0rd -trust enable -file key.crt

Notice that I have called the keystore and stash clientkey . You can call them what ever you want, but in your node.js code set
sco.KeyRepository = KEY_REPOSITORY;

to point at your equivalent of clientkey

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question IBM MQ connection in node js with 2 way SSL How to Push a message in IBM MQ Through node js How to use Keystore to connect to SSL enabled IBM MQ using NodeJS Node.js Which is the better way to implement server ssl certificate IBM Netezza and node.js ibm bluemix node js files I can't get AMQP publish and subscribe to run with Node JS v6 and mqlight v2.0 from IBM MQ v9.0.1.0 IBM MQ sharedsubscription with NodeJS Unable to pass SSL Client Cert to IBM MQ from Nodejs/MQRC_KEY_REPOSITORY_ERROR/MQRC_SSL_INITIALIZATION_ERROR Node.js and SSL with Restler
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM