Trying to publish and subscribe message from IBM MQ 9 which has Cipher suite, user id, password, mykey.kdb file for SSL connection. we are able to connect through SSL with java. but want to do same thing with node js. While trying to do so we are getting SSL_INITIALISATION_ERROR. In AMQERR01.LOG we are Seeing below error block:
AMQ6090I:MQM could not display text for error 3456322
COMMENTINSERT3(SSLCIPH(' ') -> SSLCIPH(???))
can anyone help me on connecting to MQ using NOde js?
If you have TLS working with Java, then in most likelihood you have the server configured correctly.
To run a Node.js MQ Client in TLS mode needs code that sets the cipher spec and identifies the location of the client keys.
const KEY_REPOSITORY = "../keys/clientkey";
const CIPHER = "TLS_RSA_WITH_AES_128_CBC_SHA256";
var cno = new mq.MQCNO();
// code that sets up cno object
// like Options and MQCSP credentials
var cd = new mq.MQCD();
// And then fill in relevant fields for the MQCD
// like ChannelName and ConnectionName
// If running in TLS Mode
cd.SSLCipherSpec = CIPHER;
cd.SSLClientAuth = MQC.MQSCA_OPTIONAL;
var sco = new mq.MQSCO();
sco.KeyRepository = KEY_REPOSITORY;
// And make the CNO refer to the SSL Connection Options
cno.SSLConfig = sco;
For java you are most likely using a .jks client keystore. For MQI based Clients (Node, Python, Go, C), you need a key database and stash file.
As you will need to have installed the MQI client, you can run the runmqakm tool to create them:
runmqakm -keydb -create -db clientkey.kdb -pw tru5tpassw0rd -type pkcs12 -expire 1000 -stash
and import the server's public key certificate into the client key database
runmqakm -cert -add -label QM1.cert -db clientkey.kdb -pw tru5tpassw0rd -trust enable -file key.crt
Notice that I have called the keystore and stash clientkey. You can call them what ever you want, but in your node.js code set
sco.KeyRepository = KEY_REPOSITORY;
to point at your equivalent of clientkey
