APAR status
Closed as program error.
Error description
The WebSphere MQ Managed File Transfer (MFT) version 8 Explorer plug-in (for a local MFT configuration) cannot connect to a coordination queue manager configured with SSL, using a signed certificate for the queue manager, even though the client truststore location and password have been specified. The error reported to the user is: Connection to null on 'host_name>' failed BFGCI0009E: Password not defined in the MQMFT credentials file for truststore
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of the WebSphere MQ v8 Managed File Transfer (MFT) Explorer plug-in who create a local MFT configuration and: - use SSL to connect to a remote WebSphere MQ MFT coordination queue manager that has been added to the WebSphere MQ Explorer which has a trusted certificate store SSL key repository configured to hold SSL certificates for trusted queue managers. and/or - use SSL to connect to a remote WebSphere MQ MFT command queue manager that has been added to the WebSphere MQ Explorer which has a trusted certificate store SSL key repository configured to hold SSL certificates for trusted queue managers. Platforms affected: Linux on x86-64, Linux on x86, Windows **************************************************************** PROBLEM DESCRIPTION: When the WebSphere MQ Managed File Transfer (MFT) v8 Explorer plug-in attempted to connect a local MFT configuration to a remote coordination queue manager using SSL, the connection attempt would fail because the MFT v8 Explorer plug-in used the password configured for the personal certificate store configured for the remote queue manager instead of the intended trusted certificate store. An attempt by the WebSphere MQ MFT v8 Explorer plug-in to connect to an MFT command queue manager, to submit new file transfer requests for example, that was also configured to use SSL would also fail for the same reason. The WebSphere MQ v8 Managed File Transfer (MFT) Explorer plug-in would also use an incorrect password when attempting to access the personal certificate store in the scenario where the user disabled password saving in the WebSphere MQ Explorer and was instead prompted to enter the password when required. When this occurred, the WebSphere MQ v8 Managed File Transfer (MFT) Explorer plug-in attempted to use either a blank password or the trusted store password, as entered by a user after being prompted, when attempting to access the personal certificate store.
Problem conclusion
The WebSphere MQ Managed File Transfer (MFT) v8 Explorer plug-in code has been updated such that the password configured for trusted certificate store associated with the remote coordination and/or command queue manager is used to access this SSL key repository when establishing remote SSL connections. In addition, the code has also been updated such that the personal certificate store password that is entered by a user when prompted, when password saving is disabled, is the one that is used to access toed to access the personal certificate store SSL key repository. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
XX00223
Reported component name
WEBSPHERE MQ V8
Reported component ID
5724H7250
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-08-12
Closed date
2014-09-11
Last modified date
2014-09-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE MQ V8
Fixed component ID
5724H7250
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 September 2014