I'm using IBMMQDotnetClient (v9.2.0) to connect Webphere MQ (v9.1.0.3). This server required SSL to connect. I have tried but faced the error 2538. I have developed a test tool in .Net FW (use MQ lib for .Net FW) and used Unmanaged Mode and it connected to that server successful.
I found this information from IBM documentation:
From: https://www.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.dev.doc/q029470_.htm
When WebSphere® MQ classes for .NET are used as a managed client,
there are a number of differences from a standard WebSphere MQ MQI
client.
The following features are not available to a managed client:
- Channel compression
- SSL support
- Channel exit chaining
--> That means Managed Client not support SSL (?)
From: https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.1.0/com.ibm.mq.dev.doc/q132490_.htm
IBM MQ classes for .NET Standard only support `Managed Client`
--> That means IBMMQDotnetClient only support Managed Client
Summary: With IBMMQDotnetClient I can only use Managed Client and Managed Client does not support SSL. Am I correct? How can I use IBMMQDotnetClient with SSL?
This is my code, it throw error 2538: MQRC_HOST_NOT_AVAILABLE:
var sslQueueProperties = new Hashtable
{
[MQC.HOST_NAME_PROPERTY] = mqHostName,
[MQC.PORT_PROPERTY] = mqPort,
[MQC.CHANNEL_PROPERTY] = mqChannelName,
[MQC.USER_ID_PROPERTY] = mqUserName,
[MQC.PASSWORD_PROPERTY] = mqPassword,
[MQC.SSL_CERT_STORE_PROPERTY] = certStore,
[MQC.SSL_CIPHER_SPEC_PROPERTY] = cipherSpecProperty,
[MQC.TRANSPORT_PROPERTY] = MQC.TRANSPORT_MQSERIES_MANAGED
};
_mQQueueManager = new MQQueueManager(mqQueueManagerName, sslQueueProperties);
Related
With the now deprecated azure-iot-python-skd version 1 it was possible to connect a downstream device using X.509 authentication to a transparent iotedge enabled gateway by setting the connection string like this:
HostName=<edge device hostname>;DeviceId=<device_id>;x509=true
And then set the certificates by using set_option("TrustedCerts" ...), set_option("x509certificate", ...) and set_option("x509privatekey", ...)
How can this be done with the new version 2 sdk?
I could not figure out how to do it using create_from_x509_certificate(...) or create_from_connection_string(...).
please try the following where you pass in your root_ca_cert as a string:
Create instance of the device client using the connection string:
device_client = IoTHubDeviceClient.create_from_connection_string(connection_string=YOUR CONNECTION STRING,server_verification_cert=YOUR ROOT CA AS STRING)
await device_client.connect()
create_from_connection_string will not work in this case. You need to use create_from_x509_certificate as below:-
self.device_client = IoTHubDeviceClient.create_from_x509_certificate(
x509=x509,
hostname=hostname,
device_id=device_id,
server_verification_cert=root_ca_cert,
gateway_hostname=gatewayHostname
)
Refer this ticket which is the bug fix done by MS team
OS - Windows 10
.net Environment - .net core 2.1
SDK - Microsoft.Azure.Devices.Client - 1.21.0
Microsoft.Azure.Devices.Provisioning.Client - 1.4.0
Microsoft.Azure.Devices.Provisioning.Transport.Amqp - 1.1.9
Microsoft.Azure.Devices.Provisioning.Transport.Http - 1.1.6
Microsoft.Azure.Devices.Provisioning.Transport.Mqtt - 1.1.8
Description of the issue
I'm trying to connect a simulated device (.net core console app) to IOT hub via azure Device Provisioning Service. This is based on x.509 cetificates (root+ intermediate certificate).
I created the enrolment group ok, then uploaded the root certificate and completed verification.
After that generated the device certificate from root certificate and tried to connect to IOT hub using sample code from below link:
https://github.com/Azure-Samples/azure-iot-samples-csharp/tree/master/provisioning/Samples/device/X509Sample
After having all setup when I tried to connect to IOT bub I'm getting below error, tried all protocol - Amqp,Http,Mqtt...
Microsoft.Azure.Devices.Provisioning.Client.ProvisioningTransportException
HResult=0x80131500
Message={"errorCode":401002,"trackingId":"408d5ad7-aa7c-45a1-b19a-e4af41ccf54b","message":"CA certificate not found.","timestampUtc":"2019-08-23T09:17:53.762099Z"}
Source=<Cannot evaluate the exception source>
StackTrace:
<Cannot evaluate the exception stack trace>
Below is the input to device client along with certificate:
private static string s_idScope = "0ne00074417";
private const string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
private static string s_certificateFileName = "simulateddevicecert.pfx";
Is there anything missing in the setup that is causing this error? Also is there any REST API exposed by azure DPS to register device? (instead of using Azure Devices/Client SDK)
As shown here,
please include the intermediate certificate as well in the certificate chain presented by the device.
The REST API docs for registering a device to DPS can be found here.
In my case error 401002 was caused by mismatched deviceId and CN field in certificate which device used to authenticate.
In my case, I used the wrong connection string.
I used the device connection string instead of the service connection string when trying to call a direct invoke method.
I'm posting this here, because this is among the first search results for the 401002 error, and there's no info on this check on the Azure doc websites.
I have a Java agent that connects to a payment gateway to validate a CC transaction.
Everything seems to work fine when the Java logic is run on my IBM Notes client (9.0.1FP10IF3).
I am now migrating the logic to a managed bean on my Domino server (9.0.1FP6).
Whenever the connection is made through the bean, I observe the following error on the server console...
HTTP JVM: javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
I am certain it's because the payment gateway with which I am attempting to communicate has recently upgraded to enforce mandatory TLS 1.2 communications.
However, I'm not sure how to enforce those communications on the Domino server side?
I have set the recommended NOTES.INI variables...
DISABLE_SSLV3=1
SSL_DISABLE_TLS_10=1
... and set the 'SSLCipherSpec', but nothing is working.
Here is an excerpt from the logic I'm using to test everything out.
The 'DataOutputStream' line is what triggers the error...
URL url = new URL("https://host/endpoint");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setAllowUserInteraction(false);
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setUseCaches(false);
connection.setRequestProperty("Content-type", "text/xml");
connection.setRequestProperty("Content-length", Integer.toString(postContent.length()));
DataOutputStream out = new DataOutputStream(connection.getOutputStream());
out.writeBytes(postContent);
out.flush();
out.close();
connection.disconnect();
Any advice/assistance would be most appreciated!
As Per answered, this document allowed me to resolve the issue straight away...
www-01.ibm.com/support/docview.wss?uid=swg21985289
I have integrated paypal to my MVC4 application. PayPal dll version 1.5.0.0, NewtonJson dll version 6.0.0.0
At first i got exception at localhost while getting access token
Dictionary<string, string> sdkConfig = new Dictionary<string, string>();
sdkConfig.Add("mode", "sandbox");
string accessToken = new PayPal.Api.OAuthTokenCredential("MyClientId", "MySecretId", sdkConfig).GetAccessToken();
Exception was
Invalid HTTP response: The request was aborted: Could not create SSL/TLS secure channel.
From stackoverflow I got a fix
System.Net.ServicePointManager.Expect100Continue = true;
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
System.Net.ServicePointManager.DefaultConnectionLimit = 9999;
Its currently working fine on my localhost, but getting exception when uploaded and run on AWS windows instance.
Retried 3 times.... Exception in PayPal.HttpConnection.Execute(). Check log for more details.
Can somebody help me on this ?
UPDATE
I have checked with uploading the same code in mochahost server. Its working perfectly there too
My EC2 instance is Windows Server 2008 DataCenter, 32 bit with IIS7
Make sure TCP443 is open on any elastic load balancer (ELB) you are using and in the security group assigned to the EC2 instance. In the OS make sure TCP443 is allowed with Windows Advanced Firewall.
I'm doing my dev work on a Window 7 x64 machine, deploying to a Windows 2008 x32 server. At the moment I'm adding WCF services to some internal apps so that we can build smaller clients using net.tcp bindings that report to the user what the server is doing without running multiple instances of the server. To cut back on how much administration the apps will require, I tried enabling port sharing on my first server app. I'm using the app to self-host the WCF service so they can be easily moved from one server to another if necessary. Here's the code starting the server:
Dim _service_host As ServiceHost
Dim active_server_address As Uri = New UriBuilder("net.tcp", "localhost", CInt(My.Settings.ServerPort)).Uri
_service_host = New ServiceHost(GetType(UpdateServiceOps), active_server_address)
_service_host.AddServiceEndpoint(GetType(IUpdateService), New NetTcpBinding With {.Name = "endpoint_tcp"}, "MiddlewareEndpoint")
_service_host.Description.Behaviors.Add(New ServiceMetadataBehavior)
_service_host.AddServiceEndpoint(GetType(IMetadataExchange), MetadataExchangeBindings.CreateMexTcpBinding, "mex")
_service_host.Open()
That works great. When I change it to what's below, however, I get an error. Here's the code:
Dim _service_host As ServiceHost
Dim active_server_address As Uri = New UriBuilder("net.tcp", "localhost", CInt(My.Settings.ServerPort)).Uri
_service_host = New ServiceHost(GetType(UpdateServiceOps), active_server_address)
_service_host.AddServiceEndpoint(GetType(IUpdateService), New NetTcpBinding With {.Name = "endpoint_tcp", .PortSharingEnabled = True}, "MiddlewareEndpoint")
_service_host.Description.Behaviors.Add(New ServiceMetadataBehavior)
_service_host.AddServiceEndpoint(GetType(IMetadataExchange), MetadataExchangeBindings.CreateMexTcpBinding, "mex")
_service_host.Open()
I get the following error when I put a breakpoint at the last line: Unable to automatically step into the server. Connecting to the server machine 'nettcpportsharing' failed. The requested name is valid, but no data of the requested type was found. The Try...Catch block housing that code says the exception type is AddressAlreadyInUseException...but when I run netstat I don't see anything else listening on that address. There's no occurrence of 'nettcpportsharing' anywhere in my solution. I've checked to make sure that the Net.Tcp Port Sharing service is started. Any ideas?
I think this may be a permissions issue. Please see the associated article which explains how to configure the port sharing service to support self-hosted services.
(For production purposes I would strongly recommend using IIS Hosting with WAS anyway - it makes management of the services much cleaner and you get dynamic startup/shutdown for free.)