EXPLANATION: IBM MQ failed to determine the revocation status of the remote SSL certificate
for one of the following reasons:
(a) The channel was unable to contact any of the CRL servers or OCSP responders for the certificate.
(b) None of the OCSP responders contacted knows the revocation status of the certificate.
(c) An OCSP response was received, but the digital signature of the response could not be verified.
- The channel definition did not have a CERTLABEL(…) specified.
- The keystore on the client end did not have the certificate label in it.
- The wrong keystore was used, for example environment MQSSLKEYR was set to the wrong keystore. Or the SSL stanza SSLKeyRepository was set to the wrong keystore.
See Debugging MQ client connection problems:keystore for some hints on finding the keystore
See Debugging MQ client connection problems:certlabel for some hints on finding the certificate label name.