mqsireportproperties for IIB services of TLS versions - websphere

I'm trying to list the IIB services which are using TLS V1.
I used this mqsireportproperties command to display EG properties:
mqsireportproperties IIBNODE -e EG -o HttpsConnector -a
Is there any way to filter out the IIB services using TLS V1? Is there any out file that can be generated?
Thanks in advance

Related

Unable establish secure connection with IBM MQ from MQI client

I am trying to make a secure connection with MQ with the below command:
./amqssslc -c CLI.QM1.T -x <remote_server> -k clientkey -s <SOME CIPHE NAME>
I have created the clientkey.kdb using below commands:
runmqakm -keydb -create -db clientkey.kdb -pw passw0rd -type pkcs12 -expire 1000 -stash
runmqakm -cert -add -label QM1.cert -db clientkey.kdb -stashed -trust enable -file /root.cer
I got the below error:
No OCSP configuration specified.
MQCONNX ended with reason code 2393
Error in the log file :
AMQ9620E: Internal error on call to SSL function on channel 'CLI.QM1.T' to
host 'host-name'.
EXPLANATION:
An error indicating a software problem was returned from a function which is
used to provide SSL or TLS support. The error code returned was '9'. The
function call was 'gsk_environment_init'.
The channel is 'CLI.QM1.T'; in some cases its name cannot be determined and
so is shown as '????'. The channel did not start.
The remote host name is 'host-name'.
ACTION:
Collect the items listed in the 'Problem determination' section of the System
Administration manual and use either the MQ Support site:
http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant
(ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is
already available. If you are unable to find a match, contact your IBM support
center.
Can you please help me to solve this? I am using IBM MQ version 9.1.0.11.
Besides, I got the private key name.p12. Should I use this somewhere to establish the connection from the MQ client?

How do I upload a file to Azurite from terminal?

I'm using Azurite and wish to create a container/upload a blob etc from the bash terminal!
I've tried using the Azure CLI like this:
az storage container create --account-name devstoreaccount1 --account-key Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw== --name mycontainer
But of course it doesn't work and complains of Authentication failure! By the way the correct account key and name are used in that example.
I believe it's not possible to talk to Azurite using the Azure CLI.
All I want to do is create a container and upload a file to it from the terminal.
Does anybody know if this is possible? Or will I have to use a Java client (for example) to do the job?
Thanks
According to my test, when we use the account key and account name with Azure CLI to create a blob container, the CLI will use the https protocol to connect to Azurite. But, by default, Azurite only supports the http protocol. For more details, please refer to here
So I suggest you use a connection string to connect to Azurite with Azure CLI; the connection string will tell Azure CLI to use the http protocol.
For example
Create container
az storage container create -n test --connection-string "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1;"
Upload file
az storage blob upload -f D:\test.csv -c test -n test.csv --connection-string "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1;"

How to tunnel pcf service from spring boot application

I have a spring boot application deployed on pivotal cloud foundry.
I'm trying to tunnel (cf ssh) to that application in pcf from my spring boot application, but not able to find any api or client libraries to achieve it.
Actual cli command to tunnel pcf:
cf ssh -N -T -L 10001:localhost:10001 ms name
Any suggestions are welcome.
If you're trying to write Java code that would do the same thing as the cf ssh command, that should be possible. It's standard SSH, but with short-lived credentials so the trick will be generating credentials that you can use from your app.
Here's an example of using a standard SSH/SCP/SFTP client, note that ssh.bosh-lite.com will be your SSH domain, which you can see from cf curl /v2/info:
$ ssh -p 2222 cf:$(cf app app-name --guid)/0@ssh.bosh-lite.com
$ scp -P 2222 -oUser=cf:$(cf app app-name --guid)/0 my-local-file.json ssh.bosh-lite.com:my-remote-file.json
$ sftp -P 2222 cf:$(cf app app-name --guid)/0@ssh.bosh-lite.com
https://github.com/cloudfoundry/diego-ssh#cloud-foundry-via-cloud-controller-and-uaa
That said, you should be able to do something similar with any standard SSH Java library.
As mentioned above, the trick is in getting credentials. The username will be the format cf:application-guid/app-instance-number, which is easy, but the password needs to be generated with cf ssh-code, or the comparable call to the UAA API.
Ex: curl -vv -H 'Accept: application/json' -H "Authorization: $(cf oauth-token)" "https://uaa.run.pivotal.io/oauth/authorize?client_id=ssh-proxy&response_type=code"
This example uses curl to send the request and cf oauth-token to get a valid Oauth2 bearer token for the logged in user. You could get a valid bearer token in a number of ways, including making direct API calls or using the cf-java-client. It just needs to be a valid token for the user that should perform the SSH action (i.e. it would be the user that's running cf ssh).
Hope that helps!
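The flow described in this answer, written out in Java as an added example (not code from the answer or from Cloud Foundry): fetch the one-time code from UAA, then open the same local forward as the cf ssh command in the question. The JSch library, the class name and the environment variable names are assumptions made for illustration; KNOWN_HOSTS is assumed to point at a known_hosts file that already holds the SSH proxy's host key.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Arrays;

public class CfSshTunnel {
    // UAA answers with a redirect whose Location header carries ?code=<one-time password>.
    static String fetchSshCode(String uaaUrl, String bearerToken) throws Exception {
        HttpClient http = HttpClient.newBuilder()
                .followRedirects(HttpClient.Redirect.NEVER) // read the redirect, do not follow it
                .build();
        HttpRequest req = HttpRequest.newBuilder(
                URI.create(uaaUrl + "/oauth/authorize?client_id=ssh-proxy&response_type=code"))
                .header("Accept", "application/json")
                .header("Authorization", bearerToken) // "bearer <token>", as cf oauth-token prints it
                .GET().build();
        HttpResponse<Void> resp = http.send(req, HttpResponse.BodyHandlers.discarding());
        String location = resp.headers().firstValue("Location").orElseThrow(
                () -> new IllegalStateException("no redirect from UAA, status " + resp.statusCode()));
        return extractCode(location);
    }

    // Pull the code parameter out of the redirect; the URL is never logged because it holds a credential.
    static String extractCode(String location) {
        String query = URI.create(location).getRawQuery();
        if (query == null) throw new IllegalStateException("redirect has no query string");
        return Arrays.stream(query.split("&"))
                .filter(p -> p.startsWith("code="))
                .map(p -> p.substring("code=".length()))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("redirect has no code parameter"));
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names; the username format and port 2222 come from the answer above.
        String user = "cf:" + System.getenv("CF_APP_GUID") + "/0";
        JSch jsch = new JSch();
        jsch.setKnownHosts(System.getenv("KNOWN_HOSTS")); // unknown host keys are rejected
        Session session = jsch.getSession(user, System.getenv("CF_SSH_HOST"), 2222);
        session.setPassword(fetchSshCode(System.getenv("UAA_URL"), System.getenv("CF_BEARER_TOKEN")));
        session.setConfig("PreferredAuthentications", "password");
        session.connect(15_000);
        session.setPortForwardingL(10001, "localhost", 10001); // same forward as -L 10001:localhost:10001
        Thread.currentThread().join(); // keep the tunnel open until the process is stopped
    }
}
```

The code is single-use and short-lived, so a long-running application has to request a fresh one each time it reconnects.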

Websphere + MQ client

I am getting the following error message while connecting to a WebSphere server using the MQ client:
/opt/mqm/samp/bin/amqssslc -x 'X.X.X.10(9110)' -c QMEIGS1.VSER.SVRCONN
QMEIGS1 -k /var/mqm/qmgrs/QMEIGS1/ssl/qmeigs1.arm -s TRIPLE_DES_SHA_US
Error message:
LE_DES_SHA_US
Sample AMQSSSLC start
Connecting to the default queue manager
Using the server connection channel QMEIGS1.VSER.SVRCONN
on connection name 10.87.205.70(7118).
No SSL configuration specified.
MQCONNX ended with reason code 2393
We have placed the .arm file in the ssl dir in the path /var/mqm/qmgrs/QMEIGS1/ssl/qmeigs1.arm
Please tell me what needs to be done to resolve this.
We are using the following packages on the client side:
Client version : 8.0.0.4
Client OS : Redhat Linux 6.x 64bit (Non GUI)
Packages installed on client:
MQSeriesJRE_vserv-8.0.0-4.x86_64
MQSeriesRuntime_vserv-8.0.0-4.x86_64
MQSeriesGSKit_vserv-8.0.0-4.x86_64
MQSeriesClient_vserv-8.0.0-4.x86_64
MQSeriesSamples_vserv-8.0.0-4.x86_64
Regards
Atul
The -k parameter on the client side (the amqssslc application) and the queue manager's ssl folder should contain a .kdb file. You appear to be using a .arm file. You should create a Key Database File (KDB) and add the certificate contained in the .arm file to that KDB, then rerun using the KDB as the target used by both client and queue manager instead of the .arm file.
You can find step-by-step instructions at the following page:
Running the SSL/TLS sample program

MRTG SNMP v3 cfgmaker contextengineid

I'm trying to set up mrtg to probe my snmp agent.
The snmp agent has been setup with a v3 user/pass authentication and is working fine.
However, if I try to make a config file for mrtg using the following command:
sudo cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/mrtg.cfg \
<IPADRESS>:2161::::3 --username=<USER> --authprotocol=md5 --authpassword=<PASSWORD>
I get the following error:
Use of --authpassword requires --contextengineid at /usr/bin/cfgmaker line 1531.
When I generate a file for SNMP v2 (with the community string) it goes OK.
How can I obtain the contextengineid of my snmp agent that is needed to make the cfg file?
I have used this successfully on a CentOS 7 server and Fedora 20 workstation:
1. Locate the context engine ID, location will vary:
grep oldEngineID /var/lib/net-snmp/snmpd.conf
2. Add the following line to your configmaker source file; 0x is required:
--contextengineid=0x<whatever number you got from number 1>
If this is a switch, router, or Windows box your engine ID location will definitely vary. See the manufacturer's operating manuals for this.
You can also query engineID from commandline snmptools:
snmpwalk -v3 -l auth -a md5 -A '' hostname snmpEngineID
