Connecting to IBM MQ SSL without .kdb file using .Net


I am using MQ client 9.1 and am able to successfully connect via SSL from my .Net application when I use a keystore.kdb file.

My question is, can I still connect from a .Net application if I don't use a keystore.kdb file and instead just import the SSL certificate on the Windows machine?

I tried but can't find any syntax or way to do it, so I am just curious whether it is even possible.

EDIT

Here is the relevant part of my code.

MQEnvironment.SSLKeyRepository = "*SYSTEM";
QProperties["CertificateLabel"] = "MyCert";
QProperties[MQC.SSL_CERT_STORE_PROPERTY] = "*SYSTEM";

If I use amqmdnet.dll and run the code, I get the error MQRC_KEY_REPOSITORY_ERROR.

If I use amqmdnetstd.dll and run the code, I get the error MQRC_HOST_NOT_AVAILABLE.

EDIT

After I enabled trace, I am getting the following error in the logs. TLS 1.2 is enabled on this machine. No idea what is causing the error below.

The client and server cannot communicate because they do not possess a common algorithm

EDIT

SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are disabled.

Only TLS 1.2 is enabled.

EDIT

I used the SslTcpClient example given below and it was throwing the exact same error as mentioned above. Then I modified just one line of code and now I am able to connect. The trick was to define SSL protocol version 1.2. But how can I do the same in MQ?

Example

https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslstream?view=net-8.0

Original code which is throwing error

sslStream.AuthenticateAsClient(serverName);

Modified code which worked

sslStream.AuthenticateAsClient(serverName, null, SslProtocols.Tls12, true);

1
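The protocol-version mismatch from the question's last edit can be reproduced on loopback, without a queue manager; this is an added example, not code from the question or from IBM MQ. It assumes .NET 6 or later, and the class name, the self-signed test certificate and the TLS 1.2-only listener standing in for the server are all constructed for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class TlsVersionMismatchDemo {
    // Constructed throwaway certificate for the loopback listener (not an MQ certificate).
    static X509Certificate2 MakeTestCert() {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        return new X509Certificate2(tmp.Export(X509ContentType.Pfx)); // re-import so the private key is usable
    }

    // Handshake against a TLS 1.2-only listener; returns the negotiated protocol or the failure text.
    static string Probe(X509Certificate2 cert, SslProtocols clientProtocols) {
        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0: the OS picks a free port
        listener.Start();
        var server = Task.Run(() => {
            try {
                using var conn = listener.AcceptTcpClient();
                using var tls = new SslStream(conn.GetStream());
                tls.AuthenticateAsServer(cert, false, SslProtocols.Tls12, false);
            } catch (Exception) { /* handshake refused; the client side reports it */ }
        });
        try {
            using var client = new TcpClient();
            client.Connect(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
            // Pin the test certificate rather than switching validation off.
            using var tls = new SslStream(client.GetStream(), false,
                (sender, c, chain, errors) => c != null && c.GetCertHashString() == cert.GetCertHashString());
            tls.AuthenticateAsClient("localhost", null, clientProtocols, false);
            return "negotiated " + tls.SslProtocol;
        } catch (Exception e) { // exception type and text vary by platform and TLS stack
            return "handshake failed: " + e.GetBaseException().Message;
        } finally { listener.Stop(); server.Wait(); }
    }

    static void Main() {
        using var cert = MakeTestCert();
        Console.WriteLine("client TLS 1.1 only: " + Probe(cert, SslProtocols.Tls11));
        Console.WriteLine("client TLS 1.2 only: " + Probe(cert, SslProtocols.Tls12));
    }
}
```

The first probe fails because the client offers no protocol version the listener accepts, and the second reports Tls12. Newer SDKs emit obsoletion warnings for `SslProtocols.Tls11`, which is used here only to force the mismatch.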

There are 1 best solutions below

0
Nine Friends On

You are restricted to the key database file, I am afraid. This is documented in the MQ V.9.3 doc here. The MQ V.9.1 doc says the same, with the additional information that your version is out of support.