
Working against a Secure-Channel with Security-Exit using XMS .NET API

I own the following findings in order to work against WMQ Secure-Channel:

  1. Defined Secure-Channel in the WMQ farm
  2. Public/Private keys
  3. Unmanaged Security-Exit assembly

My question is how to utilize these resources and interact with a Secure Channel using the XMS API? (Using C#)

This is what I've tried so far, but without success:

private IConnectionFactory CreateConnectionFactory()
{
    XMSFactoryFactory factoryFactory = XMSFactoryFactory.GetInstance(XMSC.CT_WMQ);

    IConnectionFactory connectionFactory = factoryFactory.CreateConnectionFactory();

    connectionFactory.SetStringProperty(XMSC.WMQ_HOST_NAME, _wmqHostName);
    connectionFactory.SetIntProperty(XMSC.WMQ_PORT, _wmqPort);
    connectionFactory.SetStringProperty(XMSC.WMQ_CHANNEL, _wmqChannel);
    connectionFactory.SetIntProperty(XMSC.WMQ_CONNECTION_MODE, XMSC.WMQ_CM_CLIENT_UNMANAGED);
    connectionFactory.SetStringProperty(XMSC.WMQ_QUEUE_MANAGER, _wmqQueueManager);
    connectionFactory.SetIntProperty(XMSC.WMQ_BROKER_VERSION, 0);
    connectionFactory.SetStringProperty(XMSC.WMQ_SECURITY_EXIT, "MySecurityExitName");

    return (connectionFactory);
}

I get the following error when calling it:

CWSMQ0006E: An exception was received during the call to the method ConnectionFactory.CreateConnection: CompCode: 2, Reason: 2195 . During execution of the specified method an exception was thrown by another component. See the linked exception for more information.

UPDATE:

I found the following Technote which describes my problem and its possible (not tested) solution:

https://www-304.ibm.com/support/docview.wss?uid=swg1IC82112

Yair Nevet asked Apr 07 '14 13:04


1 Answer

Good that you found that Technote. Also make sure that...

  • If doing mutual authentication (SVRCONN channel is set to SSLCAUTH(REQUIRED)) that the app's personal certificate has a label matching the service account. For example, if the app is running as dotnetacct the label of the personal cert in its keystore would be ibmwebspheremqdotnetacct.
  • Get the channel running without SSL or an exit first. Then do server-authenticated SSL, then mutually authenticated SSL, then add the exit back in. This isolates problems.
  • Use the latest WMQ client. I do not mean the latest fix pack for v7.0 or v7.1 but the latest v7.5 (as of this writing) client. Download as SupportPac MQC75. Later clients are compatible with back-level QMgrs and they have more fixes/features.
  • Install the full client and not just the classes or assemblies you think you need. This gets you all sorts of utilities such as client-side tracing.
  • Use the amqssslc sample to test your channel and certificates. This is usually at C:\Program Files (x86)\IBM\WebSphere MQ\tools\c\Samples\Bin\amqssslc.exe and is one of the utilities supplied when installing the full client.
  • Go to the WMQ SupportPacs page and look for MH03 WebSphere MQ SSL Configuration Checker and MO04 WebSphere MQ SSL Wizard. These can help with configuration and problem diagnosis.
T.Rob answered Sep 23 '22 09:09
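
The staged isolation described in the answer, applied to the question's connection factory. This is an added example, not code from the question or the answer. `ChannelStage`, `StagedFactory` and the angle-bracket values are hypothetical placeholders, and it assumes the app runs under the account whose certificate label matters.

```csharp
using System;
using IBM.XMS;

// Enable one layer at a time so a failure points at the layer just added.
public enum ChannelStage { Plain, ServerAuthTls, MutualTls, MutualTlsWithExit }

public static class StagedFactory
{
    // Label the answer says the personal certificate must carry:
    // "ibmwebspheremq" + the account name (e.g. ibmwebspheremqdotnetacct).
    public static string ExpectedCertLabel()
    {
        return "ibmwebspheremq" + Environment.UserName.ToLowerInvariant();
    }

    public static IConnectionFactory Create(ChannelStage stage, string host, int port,
                                            string channel, string queueManager)
    {
        XMSFactoryFactory ff = XMSFactoryFactory.GetInstance(XMSC.CT_WMQ);
        IConnectionFactory cf = ff.CreateConnectionFactory();

        // Stage 1: the question's base settings, with no SSL and no exit.
        cf.SetStringProperty(XMSC.WMQ_HOST_NAME, host);
        cf.SetIntProperty(XMSC.WMQ_PORT, port);
        cf.SetStringProperty(XMSC.WMQ_CHANNEL, channel);
        cf.SetIntProperty(XMSC.WMQ_CONNECTION_MODE, XMSC.WMQ_CM_CLIENT_UNMANAGED);
        cf.SetStringProperty(XMSC.WMQ_QUEUE_MANAGER, queueManager);
        cf.SetIntProperty(XMSC.WMQ_BROKER_VERSION, 0);

        if (stage >= ChannelStage.ServerAuthTls)
        {
            // Stage 2: server-authenticated SSL. The CipherSpec must equal the
            // SVRCONN channel's SSLCIPH; the repository holds the QMgr's signer cert.
            cf.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SPEC, "<channel SSLCIPH value>");
            cf.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, @"<key database path, no .kdb>");
        }

        // Stage 3 (MutualTls) changes nothing on the client factory: the channel
        // moves to SSLCAUTH(REQUIRED) and the same key repository must now also
        // contain a personal certificate labelled ExpectedCertLabel().

        if (stage == ChannelStage.MutualTlsWithExit)
        {
            // Stage 4: add the security exit back only after stages 1-3 connect.
            cf.SetStringProperty(XMSC.WMQ_SECURITY_EXIT, "MySecurityExitName");
        }
        return cf;
    }
}
```

Call `Create` with each stage in order and attempt `CreateConnection()` after each one; the first stage that fails identifies whether the channel definition, the certificates, or the exit is at fault.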