AMQ9716E: Remote SSL certificate revocation status check failed for channel …

EXPLANATION: IBM MQ failed to determine the revocation status of the remote SSL certificate
for one of the following reasons:
(a) The channel was unable to contact any of the CRL servers or OCSP responders for the certificate.
(b) None of the OCSP responders contacted knows the revocation status of the certificate.
(c) An OCSP response was received, but the digital signature of the response could not be verified.

Colin’s comments

  • The channel definition did not have a CERTLABEL(…) specified.
  • The keystore on the client end did not have the certificate label in it.
  • The wrong keystore was used, for example  environment MQSSLKEYR was set to the wrong keystore.    Or the SSL stanza SSLKeyRepository was set to the wrong keystore.

See Debugging MQ client connection problems:keystore for some hints on finding the keystore

See Debugging MQ client connection problems:certlabel for some hints on finding the certificate label name.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s