I found there were many reasons why a browser’s or curl application’s digital certificate did not work with MQWEB, from an option missing, to unsupported handshake option. Often there the messages were the vague “A problem has occurred”.
I tried to cause as many problems as possible, and blogged what you get, and the resolution; but event then I found there were even more ways of it failing.
I’ve written some java programs called checkTLS which act as a client or a server.
- You can use your web browser into the server application and see information about what is being used, and if it can detect any problems (such as expired CA)
- You can extract your certificates from the browser, and then talk to MQWEB, and see what happens in the handshake
This is alpha code. I would be interested in any comments
- Is this useful?
- Does it work for you?
- Is it too verbose?