mq-golang icon indicating copy to clipboard operation
mq-golang copied to clipboard

Published 20 hours ago verified publisher icon ibm-messaging

Establish TLS connection from Golang to MQ

Open 344271 opened this issue 4 years ago • 5 comments

Please include the following information in your ticket.

  • Version information for MQ, mq-golang, Go compiler
  • A small code sample that demonstrates the issue.

Hello There, I am referring to the code in the link https://github.com/ibm-messaging/mq-golang/blob/master/samples/amqsconntls.go

I have a question here, could you please let know how to set up the certificates in the Keystore. Need detailed steps on this please.

sco.KeyRepository = "./mykey"

344271 avatar Mar 11 '21 14:03 344271

Creating keystores is fully described in the MQ documentation. See for example this page in the KnowledgeCentre

ibmmqmet avatar Mar 16 '21 15:03 ibmmqmet

If it's useful, there is a similar set of instructions in the nextdoor "Golang JMS" repo (programming interface that layers on top of this one) that talks about how to set up your own keystore. That is talking in the context of running one of the test case files, but the steps are equivalent for your own application; https://github.com/ibm-messaging/mq-golang-jms20/tree/master/tls-samples

The keystore file contents are the same whether you use them from Golang via this MQI style interface or via the "JMS" style interface.

matrober-uk avatar Mar 16 '21 15:03 matrober-uk

Thanks a lot, Mark. But I am not sure how to use strmqikm (iKeyman) GUI and execute command runmqckm. The link has a lot of info and I am not sure how to start executing the steps. Please guide.

344271 avatar Mar 16 '21 15:03 344271

There's also more general getting started with MQ and TLS information here: https://developer.ibm.com/components/ibm-mq/tutorials/mq-secure-msgs-tls/ (pick the second option of C/Golang, not Java)

And this may be of help if you're looking for mutual TLS: https://stackoverflow.com/questions/63259241/pymqi-connecting-to-ibm-mq-with-ssl (this is for Python, but that's conceptually similar)

dware30 avatar Mar 16 '21 17:03 dware30

Hello Team,

I have added the certificates to the key repository. But I am now getting an MQRC 2539 error.

Here's is my go code.

var qMgrName string
resp := true

cno := ibmmq.NewMQCNO()
cd := ibmmq.NewMQCD()
sco := ibmmq.NewMQSCO()

cd.ChannelName = channel
qMgrName = Manager
cd.ConnectionName = future.test
cd.SSLCipherSpec =TLS_RSA_WITH_AES_128_CBC_SHA256
sco.KeyRepository= ./key

cno.ClientConn = cd
cno.SSLConfig = sco
cno.Options = ibmmq.MQCNO_CLIENT_BINDING

MQManager, err = ibmmq.Connx(qMgrName, cno)

if err == nil {
	resp = true
} else {
	resp = false
}

Am I missing any extra parameter here.

Please can you advise how I can resolve this error.

344271 avatar Mar 24 '21 15:03 344271