Establish TLS connection from Golang to MQ

ibm-messaging / mq-golang

Calling IBM MQ from Go applications

Apache License 2.0

167 stars 60 forks source link

Establish TLS connection from Golang to MQ #164

Open 344271 opened 3 years ago

344271 commented 3 years ago

Please include the following information in your ticket.

Version information for MQ, mq-golang, Go compiler
A small code sample that demonstrates the issue.

Hello There, I am referring to the code in the link https://github.com/ibm-messaging/mq-golang/blob/master/samples/amqsconntls.go

I have a question here, could you please let know how to set up the certificates in the Keystore. Need detailed steps on this please.

sco.KeyRepository = "./mykey"

ibmmqmet commented 3 years ago

Creating keystores is fully described in the MQ documentation. See for example this page in the KnowledgeCentre

matrober-uk commented 3 years ago

If it's useful, there is a similar set of instructions in the nextdoor "Golang JMS" repo (programming interface that layers on top of this one) that talks about how to set up your own keystore. That is talking in the context of running one of the test case files, but the steps are equivalent for your own application; https://github.com/ibm-messaging/mq-golang-jms20/tree/master/tls-samples

The keystore file contents are the same whether you use them from Golang via this MQI style interface or via the "JMS" style interface.

344271 commented 3 years ago

Thanks a lot, Mark. But I am not sure how to use strmqikm (iKeyman) GUI and execute command runmqckm. The link has a lot of info and I am not sure how to start executing the steps. Please guide.

dware30 commented 3 years ago

There's also more general getting started with MQ and TLS information here: https://developer.ibm.com/components/ibm-mq/tutorials/mq-secure-msgs-tls/ (pick the second option of C/Golang, not Java)

And this may be of help if you're looking for mutual TLS: https://stackoverflow.com/questions/63259241/pymqi-connecting-to-ibm-mq-with-ssl (this is for Python, but that's conceptually similar)

344271 commented 3 years ago

Hello Team,

I have added the certificates to the key repository. But I am now getting an MQRC 2539 error.

Here's is my go code.

var qMgrName string
resp := true

cno := ibmmq.NewMQCNO()
cd := ibmmq.NewMQCD()
sco := ibmmq.NewMQSCO()

cd.ChannelName = channel
qMgrName = Manager
cd.ConnectionName = future.test
cd.SSLCipherSpec =TLS_RSA_WITH_AES_128_CBC_SHA256
sco.KeyRepository= ./key

cno.ClientConn = cd
cno.SSLConfig = sco
cno.Options = ibmmq.MQCNO_CLIENT_BINDING

MQManager, err = ibmmq.Connx(qMgrName, cno)

if err == nil {
    resp = true
} else {
    resp = false
}

Am I missing any extra parameter here.

Please can you advise how I can resolve this error.