MQCPE050 Security exception on port <insert_1> from the Administration
Client
Explanation
The MQIPT command server for the
specified command port tried to listen on the command port or accept a connection, but a security
exception was thrown as the specified permission has not been granted in the Java Security Manager policy. The exception might indicate that MQIPT is not permitted to listen on the specified command port,
or that MQIPT is not permitted to accept connections
from the specified host.
User response
Ensure that java.net.SocketPermission permissions for the following actions
are granted in the Java Security Manager policy:
- listen on the local port number of the command port.
- accept connections from any hosts that we want to allow to connect to the
command port.
The Java Security Manager must be restarted by refreshing or
restarting MQIPT for any policy changes to take
effect.
MQCPE051 Security exception accepting a connection on route <insert_1>
Explanation
A security exception was thrown while accepting a
connection on the specified route.
User response
The Java Security Manager has previously been
enabled, but permissions have not been granted for the host identified in the error message. To
allow the host to connect on this route, add a SocketPermission to
accept/resolve connections for the port specified by the route ListenerPort
property. The Java Security Manager must be restarted for any
changes to take effect.
MQCPE052 Connection request on route <insert_1> failed : <insert_2>
Explanation
This message is issued in the connection log to record
a security exception for a connection request.
User response
The Java Security Manager has previously been
enabled, but permissions have not been granted for the host identified in the error message. To
allow the host to connect on this route, add a SocketPermission to
accept/resolve connections for the port specified by the route ListenerPort
property. The Java Security Manager must be restarted for any
changes to take effect.
MQCPE053 Security exception making a connection to <insert_1>(<insert_2>)
Explanation
A security exception was thrown while making a connection
on the specified route.
User response
The Java Security Manager has previously been
enabled, but permissions have not been granted for the target identified in the error message. To
allow MQIPT to connect to the target on this route,
add a SocketPermission to connect/resolve connections for the port specified by
the route ListenerPort property. The Java Security Manager must be restarted for any changes to take
effect.
MQCPE054 Connection request to <insert_1>(<insert_2>) failed : <insert_3>
Explanation
This message is issued in the connection log to record
a security exception for a connection request to a target host.
User response
The Java Security Manager has previously been
enabled, but permissions have not been granted to make a connection to the target host identified in
the error message. To allow MQIPT to connect to the
target host, add a SocketPermission to connect/resolve connections for the port
specified by the route ListenerPort property. The Java Security Manager must be restarted for any changes to take
effect.
MQCPE055 ....Socks proxy name is missing
Explanation
The SocksProxy property must be set if the
SocksClient property has been set to true.
User response
Edit the configuration file and define a SocksProxy for the
given route.
MQCPE056 Conflict with route properties
Explanation
Some properties cannot be used with others.
User response
Check the console messages for details of the error
and take the appropriate action.
MQCPE057 SSL protocol (<insert_1>) was not recognized
Explanation
The route has been put into SSL/TLS proxy mode and the initial data flow is not
recognized.
User response
Make sure only SSL/TLS connections are being made to this route.
MQCPE058 CONNECT request to <insert_3>(<insert_4>) through <insert_1>(<insert_2>)
failed
Explanation
An HTTP CONNECT request was sent to the HTTP proxy
to create an SSL tunnel to the HTTP server. The HTTP proxy did not
send back a "200 OK" response to this request.
User response
This can be caused by various problems. Enable tracing
on the route and retry the connection. The trace file will show the
real error.
MQCPE059 There are no defined key ring files
Explanation
An SSL client or server has been defined without specifying
at least one key ring file.
User response
Use the SSLClientKeyRing and
SSLClientCAKeyRing properties on the client side, or
SSLServerKeyRing and SSLServerCAKeyRing on the server
side, to define a key ring file and then restart the route.
MQCPE060 Runtime error setting SSL client connect timeout to <insert_1> seconds
Explanation
An SSL runtime error has occurred on the client side
setting the timeout value.
User response
Check the value specified in the SSLClientConnectTimeout
property is valid. Running a trace on the given route will show further error
information.
MQCPE061 There are no enabled cipher suites
Explanation
An SSL client or server connection has been started
but MQIPT is unable to determine a valid cipher suite.
User response
Check there are valid certificates in the defined key ring file(s). The private and
public keys used to generate the certificates and the encryption algorithms used must comply with
the list of supported cipher suites. See CipherSuites
supported by MQIPT for the list of cipher suites supported by MQIPT.
MQCPE062 Runtime error setting SSL cipher suite <insert_1>
Explanation
An unsupported SSL cipher suite has been defined on
the client or server side.
User response
Check the value specified in the SSLClientCipherSuites or
SSLServerCipherSuites is valid and supported on this connection. Running a
trace on the given route will show the list of enabled cipher suites. See CipherSuites
supported by MQIPT for the list of cipher suites supported by MQIPT.
MQCPE063 File <insert_1> already exists - use the replace option
Explanation
The file name parameter specified for the mqiptPW command already
exists.
User response
Either choose another file name or use the replace
option.
MQCPE064 Runtime error generating decryption keys :\n <insert_1>
Explanation
An error has occurred while generating cipher keys
to decrypt the password used to open a key ring file.
User response
The runtime error listed in the message should be
rectified and the command run again.
MQCPE065 ....LDAP server name is missing
Explanation
The LDAPServer1 or LDAPServer2 property
must be set if the LDAP property has been set to
true.
User response
Edit the configuration file and define an LDAPServer* for the
given route.
MQCPE066 ....LDAP password is missing for LDAP server <insert_1>
Explanation
An LDAP userid has been specified without a password,
for either the main or backup LDAP server.
User response
Edit the configuration file and define an LDAP password for the given route. The
LDAPServer1Password property is for the main server and
LDAPServer2Password property is for the backup server.
MQCPE067 ....SSLClient or SSLServer missing for LDAP server
Explanation
The SSLClient or SSLServer property must
be set if the LDAP property has been set to true.
User response
Edit the configuration file and define an SSLClient or
SSLServer for the given route.
MQCPE068 ....Security exit name is missing
Explanation
The SecurityExitName property must be set if the
SecurityExit property has been set to true.
User response
Edit the configuration file and define a SecurityExitName for
the given route.
MQCPE071 Error writing to <insert_1>
Explanation
An error occurred while creating or updating the file containing the encrypted
password. The error message also contains the exception thrown.
User response
This error is generated from the mqiptPW command. The error
listed in the exception should be rectified and the command run again.
MQCPE072 An unknown error occurred in security exit <insert_1>
Explanation
An error occurred in a user-defined security exit
while validating a connection request.
User response
Enable tracing in the security exit and try the connection
request again. The error will be recorded in the security exit trace
file.
MQCPE073 Security exit <insert_1> timed out
Explanation
A user-defined security exit timed out while validating
a connection request.
User response
Increase the timeout period for the security exit
and try the connection request again.
MQCPE074 ....Certificate exit name is missing
Explanation
The SSLExitName property must be set if the
SSLClientExit or SSLServerExit property has been set to
true.
User response
Edit the configuration file and define a SSLExitName for the
given route.
MQCPE075 ....SSLPlainConnections needs SSLServer or SSLProxyMode enabled
Explanation
The SSLExitName property must be set if the
SSLClientExit or SSLServerExit property has been set to
true.
User response
Edit the configuration file and define a SSLExitName for the
given route.
MQCPE076 Route <insert_1> property <insert_2> contains unsupported CipherSuites. The following
CipherSuites are unsupported: <insert_3>
Explanation
At least one unsupported cipher suite was included in the
SSLClientCipherSuites or SSLServerCipherSuites
property.
User response
Edit the configuration file and remove the unsupported cipher suite from the route
configuration.
MQCPE077 Route <insert_1> property <insert_2> specifies file location <insert_3> which does
not exist.
Explanation
A route property refers to a file or directory which
does not exist.
User response
Edit the configuration file and specify the correct
location for the file or directory.
MQCPE078 Route <insert_1> property <insert_2> specifies file location <insert_3> which
cannot be read.
Explanation
A route property refers to a file that cannot be read.
User response
Ensure that the file permissions allow MQIPT to read it.
MQCPE079 Route <insert_1> site certificate label <insert_2> was not found in key ring file
<insert_3>.
Explanation
A site certificate label was specified but it was not found in the key ring
file.
User response
Ensure that correct site certificate label is specified and that the certificate
exists in the appropriate key ring.
MQCPE080 Unable to determine MQIPT installation directory. Set the
MQIPT_PATH environment variable to the absolute path of the top-level
MQIPT directory.
Explanation
The MQIPT command was unable to
determine the installation directory.
User response
Set the MQIPT_PATH environment variable to the absolute path of
the top-level MQIPT directory.
MQCPE081 Invalid MQIPT_PATH <insert_1>. The directory does not exist or does not contain a valid
MQIPT installation.
Explanation
The MQIPT_PATH environment variable is set incorrectly. Either the
directory does not exist or the directory is not an MQIPT installation.
User response
Check the MQIPT_PATH environment variable is set correctly and
re-run the command.
MQCPE082 Unable to install the MQIPT service because a service is
already installed. Only one MQIPT service may be installed at a time.
Explanation
The user attempted to install the MQIPT service, but an MQIPT service is already installed.
Only one MQIPT service may be installed on the system
at a time.
User response
Merge the required routes into the existing MQIPT service configuration, or remove the existing service and
install the new service in its place.
MQCPE083 Unable to remove the MQIPT service because the installed
service was not installed by the current MQIPT installation. Run mqiptService
from the MQIPT installation that installed the service.
Explanation
The MQIPT service can only be removed
using the MQIPT installation that originally installed
it. This error occurs when you have multiple MQIPT
installations on the system and you attempt to remove the MQIPT service using a different installation from the one that
originally installed it.
User response
Run the command mqiptService -remove from the correct MQIPT installation.
MQCPE084 The MQIPT service is not installed.
Explanation
The user attempted to remove the MQIPT
service but there is no MQIPT service
installed.
MQCPE085 Error refreshing the Java Security Manager
policy\n<insert_1>
Explanation
An exception was thrown while trying to refresh the Java Security Manager policy.
User response
Investigate the cause of the error and ensure that
the updated policy file has the correct syntax.
MQCPE086 Security exit <insert_1> for route <insert_2> failed to initialize due to error
<insert_3>.
Explanation
The security exit initialization method returned an
unexpected error, which prevented the route from starting.
User response
Investigate the cause of the error and restart the
route.
MQCPE087 Security exit <insert_1> for route <insert_2> failed to load due to error
<insert_3>.
Explanation
The security exit could not be loaded, which prevented
the route from starting.
User response
Investigate the cause of the exit load error and
restart the route.
MQCPE088 Certificate exit <insert_1> for route <insert_2> failed to initialize due to error
<insert_3>.
Explanation
The certificate exit initialization method returned
an unexpected error, which prevented the route from starting.
User response
Investigate the cause of the error and restart the
route.
MQCPE089 Certificate exit <insert_1> for route <insert_2> failed to load due to error
<insert_3>.
Explanation
The certificate exit could not be loaded, which prevented
the route from starting.
User response
Investigate the cause of the exit load error and
restart the route.
MQCPE090 The security exit rejected the connection with return code <insert_1> and error
<insert_2>.
Explanation
The security exit rejected a connection to the route
listener port.
User response
Investigate the error returned by the exit.
MQCPE091 The SSLClient certificate exit rejected the connection with return code <insert_1> and
error <insert_2>.
Explanation
The SSL client certificate exit rejected the remote server certificate.
User response
Investigate the error returned by the exit.
MQCPE092 The SSLServer certificate exit rejected the connection with return code <insert_1> and
error <insert_2>.
Explanation
The SSL server certificate exit rejected the remote client certificate.
User response
Investigate the error returned by the exit.
MQCPE093 Global property <insert_1> specifies file location <insert_2> which does not
exist.
Explanation
A global property refers to a file or directory which
does not exist.
User response
Edit the configuration file and specify the correct
location for the file or directory.
MQCPE094 Global property <insert_1> specifies file location <insert_2> which cannot be
read.
Explanation
A global property refers to a file that cannot be read.
User response
Ensure that the file permissions allow MQIPT to read it.
MQCPE095 The MQIPT installation directory
<insert_1> must not contain a space on this platform.
Explanation
The MQIPT installation directory
contains a space character, which is not supported on UNIX or Linux .
User response
Rename the installation directory so that it does
not contain a space.
MQCPE096 Error enabling TCP keep alive
Explanation
The TCP keep alive route property is set, but MQIPT
was unable to enable TCP keep alive.
User response
Investigate the cause of the failure or disable TCP
keep alive.
MQCPE097 ....SSLClient needs to be true for HTTPS communication
Explanation
The SSLClient property must be set to true if
HTTPS has been set to true.
User response
Edit the configuration file and define SSLClient as
true for the given route.
MQCPE098 ....HTTPS needs to be true when SSLClient and HTTP are both set to true
Explanation
The HTTPS property must be set to true if
HTTP and SSLClient have been set to
true.
User response
Edit the configuration file and define HTTPS as
true for the given route.
MQCPE099 <insert_1> on route <insert_2> requires MQ Advanced capabilities to be
enabled
Explanation
A property specified for a route requires extended capabilities in IBM MQ Advanced. However, these capabilities are not
enabled.
User response
If we have IBM MQ Advanced, IBM MQ Advanced for z/OS VUE, or IBM MQ Appliance entitlement, enable the extended capabilities in
IBM MQ Advanced with the
EnableAdvancedCapabilities property. To use IBM MQ Advanced capabilities on a route, the local queue manager that
is connected using the route is also required to have IBM MQ Advanced, IBM MQ Advanced for z/OS VUE, or IBM MQ Appliance entitlement.
MQCPE100 Route <insert_1> site certificate label <insert_2> was not found in cryptographic
hardware key store <insert_3>.
Explanation
A site certificate label was specified but it was not found in the cryptographic
hardware key store.
User response
Ensure that correct site certificate label is specified and that the certificate
exists in the key store.
MQCPE101 Invalid password protection mode specified.
Explanation
An invalid password protection mode was specified as a parameter to the
mqiptPW command.
User response
Rerun the mqiptPW command, specifying a valid protection
mode.
MQCPE102 Encryption key file cannot be specified with password protection mode
<insert_1>.
Explanation
A password encryption key file was specified as a parameter to the
mqiptPW command, but an encryption key cannot be used with the specified password
protection mode.
User response
Rerun the mqiptPW command, specifying a valid combination of
parameters.
MQCPE103 Encryption key file <insert_1> does not exist or cannot be read
Explanation
An encryption key file was specified for use by MQIPT or the mqiptPW command, but the file
either does not exist or cannot be accessed.
User response
Ensure that the encryption key file exists, the user that is running MQIPT or the mqiptPW command has read access
to the file, and that the correct encryption key file is specified.
MQCPE104 Error encrypting password <insert_1>
Explanation
An error occurred when encrypting a password.
User response
Investigate the cause of the error in the exception that follows this
message.
MQCPE105 Error reading encryption key file <insert_1>
Explanation
An error occurred when reading the password encryption key file.
User response
Ensure that the correct encryption key file is specified, and that the file is
readable by the user running MQIPT or the
mqiptPW command.
MQCPE106 Error decrypting password in property <insert_1>
Explanation
The encrypted password in the specified property cannot be
decrypted.
User response
Ensure that the value of the property, or the contents of the file that the
property references, is the output of running the mqiptPW command with a password
protection mode specified that is supported by this version of MQIPT.
MQCPE107 Error reading encrypted password file <insert_1>
Explanation
An error occurred when reading a file containing an encrypted
password.
User response
Ensure that the correct password file is specified, and that the file is readable
by the user running MQIPT.
MQCPE108 Property <insert_1> cannot be specified with property <insert_2>
Explanation
The two indicated properties cannot both be specified in the MQIPT configuration.
User response
Edit the MQIPT configuration to
specify only one of the indicated properties.
MQCPE109 Encryption key file <insert_1> is not correctly formatted
Explanation
The contents of the specified password encryption key file is not in the correct
format.
User response
Ensure that the password encryption key file contains at least one character, and
only one line of text.
MQCPE110 MQIPT with name <insert_1> is already active
Explanation
MQIPT cannot start as there is an
instance of MQIPT with the same name already active on
the local machine.
User response
Issue the command to start MQIPT,
specifying a unique name for the instance of MQIPT to
be started.
MQCPE111 Local administration is unavailable
Explanation
Administration of local instances of MQIPT without using the command port is
unavailable.
User response
Ensure that the MQIPT installation is
not corrupted, and that the Java runtime environment used when
starting MQIPT or the mqiptAdmin
command is the one supplied with MQIPT. If the problem
persists, contact the IBM service
representative.
MQCPE112 Command port <insert_1> site certificate label <insert_2> was not found in key ring
file <insert_3>.
Explanation
A site certificate label was specified for the command server listening on the
specified port, but a certificate with that label was not found in the key ring
file.
User response
Ensure that the correct site certificate label is specified in the
SSLCommandPortSiteLabel property, and that the certificate exists in the
appropriate key ring.
MQCPE113 Command port <insert_1> site certificate label <insert_2> was not found in
cryptographic hardware key store <insert_3>.
Explanation
A site certificate label was specified for the command server listening on the
specified port, but a certificate with that label was not found in the cryptographic hardware key
store.
User response
Ensure that the correct site certificate label is specified in the
SSLCommandPortSiteLabel property, and that the certificate exists in the key
store.
MQCPE114 <insert_1> requires MQ Advanced capabilities to be enabled
Explanation
A property specified requires extended capabilities in IBM MQ Advanced. However, these capabilities are not
enabled.
User response
If we have IBM MQ Advanced, IBM MQ Advanced for z/OS VUE, or IBM MQ Appliance entitlement, enable the extended capabilities in
IBM MQ Advanced with the
EnableAdvancedCapabilities property.
MQCPE115 The command server on port <insert_1> did not start because of the following error:
<insert_2>
Explanation
The command server for one of the command ports did not start because of the
specified error.
User response
Correct the problem that is indicated in the error message. Then issue the refresh
command to restart the command server.
MQCPE116 Configuration errors detected during refresh
Explanation
MQIPT detected errors in the values of
some configuration properties during the refresh process. The effective values for any properties
affected by the errors have not been changed.
User response
Correct the problems that are indicated in the preceding messages, then issue the
refresh command again.
MQCPI001 <insert_1> starting
Explanation
This MQIPT instance is beginning execution. Further
initialization messages will follow.
MQCPI002 <insert_1> shutting down
Explanation
MQIPT is going to shut down. This can
result from a STOP command, or automatically if a configuration error prevents a
successful startup or REFRESH action.
MQCPI003 <insert_1> shutdown complete
Explanation
The shutdown process has completed. All MQIPT processes
are now ended.
MQCPI004 Reading configuration information from <insert_1>
Explanation
The MQIPT configuration file
mqipt.conf is being read from the directory described in this
message.
MQCPI005 Listener port specified as not active - <insert_1> ->
<insert_2>(<insert_3>)
Explanation
The route referred to in the message has been marked
as inactive. No communication requests will be accepted on this route.
MQCPI006 Route <insert_1> is starting and will forward messages to :
Explanation
A route has been started on the listener port shown
in this message. This message is followed by other messages listing
any properties associated with this route. Message MQCPI078 will
be issued when the route is ready to accept connections.
MQCPI007 Route <insert_1> has been stopped
Explanation
The route that was operating on the specified listener port is being shut down. This
action normally occurs when a REFRESH command is issued to MQIPT and the route configuration has been
changed.
MQCPI008 Listening for control commands on port <insert_1> on local address
<insert_2>
Explanation
This MQIPT instance is listening for
control commands on the specified port and local address. An asterisk (*) indicates that MQIPT is listening for commands on all network
interfaces.
MQCPI009 Control command received: <insert_1>
Explanation
This message indicates that a control command has
been received at the command port. Where applicable, details are included
in the message.
MQCPI010 Stopping command port on <insert_1>
Explanation
On a REFRESH operation, the command port is no longer in use in
the new configuration. Commands will no longer be accepted at the specified port.
MQCPI011 The path <insert_1> will be used to store the log files
Explanation
Logging output will be directed to the location described
in this message, under the current configuration.
User response
This may change if the configuration is amended and a REFRESH
operation is requested.
MQCPI012 Changing the value of MinConnectionThreads has no effect
after the route is started
Explanation
The minimum number of connection threads is assigned
at route startup and cannot be changed until MQIPT is restarted.
MQCPI013 Connection from <insert_1> to host <insert_2> closed
Explanation
This message is issued in the connection log to record
connection activity.
MQCPI014 Protocol eyecatcher (<insert_1>) not recognized
Explanation
This message is issued in the connection log to record
connection activity.
MQCPI015 Client access has been disabled on this route
Explanation
This message is issued in the connection log to record
connection activity.
MQCPI016 Queue manager access has been disabled on this route
Explanation
This message is issued in the connection log to record
connection activity.
MQCPI017 A queue manager on <insert_1> was connected to host <insert_2>
Explanation
This message is issued in the connection log to record
connection activity.
MQCPI018 A client on <insert_1> was connected to host <insert_2>
Explanation
This message is issued in the connection log to record
connection activity.
MQCPI019 <insert_1> routes have been created - this exceeds the maximum number of supported
routes, which is <insert_2>
Explanation
The maximum number of supported routes has been exceeded.
User response
MQIPT will continue to operate, but you might want
to create a second MQIPT instance and split the routes between the
two.
MQCPI021 Password checking has been enabled on the command port
Explanation
A password is required to access the command port.
MQCPI022 Password checking has been disabled on the command port
Explanation
A password is not required to access the command port. To configure password
authentication on the command port, set both the RemoteCommandAuthentication
and AccessPW properties.
MQCPI024 ....and HTTP proxy at <insert_1>(<insert_2>)
Explanation
This message indicates that the outgoing connection
for this route will be made using this HTTP proxy.
MQCPI025 The refresh requested by Administration Client <insert_1> has finished
Explanation
As a result of receiving a REFRESH command, MQIPT is reading the configuration file and
restarting.
MQCPI026 Administration Client <insert_1> has requested shutdown
Explanation
As a result of receiving a STOP command, the MQIPT is shutting down.
MQCPI027 <insert_1> command sent to MQIPT at <insert_2> on port <insert_3>
Explanation
The command specified has been sent by the administration client to MQIPT at the specified network address and command
port.
MQCPI031 ......cipher suites <insert_1>
Explanation
This message lists the cipher suites in use for this route or command
port.
MQCPI032 ......key ring file <insert_1>
Explanation
This message gives the file name of the key ring for this route or command
port.
MQCPI033 ......client authentication set to <insert_1>
Explanation
This message defines whether an SSL server is requesting
client authentication for this route.
MQCPI034 ....<insert_1>(<insert_2>)
Explanation
This message shows the destination and destination
port address for this route.
MQCPI035 ....using <insert_1> protocol
Explanation
This message shows the protocol being used to the route
destination.
MQCPI036 ....SSL Client side enabled with properties :
Explanation
This message shows that the route will be using SSL/TLS to send data to the
destination host.
MQCPI037 ....SSL Server side enabled with properties :
Explanation
This message shows that the route will be using SSL/TLS to receive data from the
sending host.
MQCPI038 ......peer certificate uses <insert_1>
Explanation
This message lists the distinguished names used to
control authentication of peer certificates.
MQCPI039 ....and SOCKS proxy at <insert_1>(<insert_2>)
Explanation
This message shows that the outgoing connection for this route will be made using
the specified SOCKS proxy.
MQCPI040 Command port <insert_1> has been accessed by the Administration Client from network
address <insert_2>
Explanation
The MQIPT command server listening on
the specified port, has received a connection from the administration client at the specified remote
network address.
MQCPI042 Maximum connections reached on route <insert_1> - further requests will be
blocked
Explanation
This message is written to the system console when the maximum number of connections
has been reached for the given route. Further requests will be blocked until a connection becomes
free or the MaxConnectionThreads value is increased.
MQCPI043 Connections on route <insert_1> now unblocked
Explanation
This message is written to the system console when
the given route is unblocked for connection requests.
MQCPI047 ......CA key ring file <insert_1>
Explanation
This message gives the file name of the CA key ring
for this route.
MQCPI048 The ping by Administration Client <insert_1> has finished
Explanation
Response message from the IPTController to Administration
Client.
MQCPI050 Adding entry to inittab to automatically start MQIPT at system startup
Explanation
User has run the mqiptService script to start MQIPT as a system service.
MQCPI051 Removing entry from inittab that automatically starts MQIPT
at system startup
Explanation
User has run the mqiptService script to remove MQIPT from starting as a system service.
MQCPI052 ....Socks server side enabled
Explanation
This route will act as a SOCKS server (proxy) and
will accept connections from a socksified application.
MQCPI053 Starting the Java Security Manager
Explanation
The default Java Security Manager will be
started as the SecurityManager property has been set to true.
MQCPI054 Stopping the Java Security Manager
Explanation
The default Java Security Manager will be
stopped as the SecurityManager property has been set to false.
MQCPI055 Setting the java.security.policy to <insert_1>
Explanation
The default Java Security Manager is about to be started and will use the supplied policy file.
MQCPI057 ....trace level <insert_1> enabled
Explanation
This message is written to the system console when a route is started to show the
level of tracing enabled on this route.
MQCPI058 ....and a URI name of <insert_1>
Explanation
This message is written to the system console when a route is started to show the
Uniform Resource Identifier name on this route.
MQCPI060 Installing files to automatically start MQIPT at system startup
Explanation
User has run the mqiptService script to start MQIPT as a system service.
MQCPI061 Removing files that automatically starts MQIPT at system
startup
Explanation
User has run the mqiptService script to remove MQIPT from starting as a system service.
MQCPI064 ......no SSL authentication on this route
Explanation
This message is written to the system console when
a route is started and shows there is no SSL authentication is in
use for this route, as an anonymous cipher suite has been specified.
MQCPI066 ....and HTTP server at <insert_1>(<insert_2>)
Explanation
This message indicates that the outgoing connection
for this route will be made using this HTTP server.
MQCPI069 ....binding to local address <insert_1> when making new connections
Explanation
This message shows the local IP address each new connection
is bound to the destination address. This should only be used on
a multihomed system.
MQCPI070 ....using local port address range <insert_1>-<insert_2> when making new
connections
Explanation
This message shows the local port addresses that will
be used for new connections. This will allow firewall administrators
to restrict connections from MQIPT.
MQCPI071 ......site certificate uses <insert_1>
Explanation
This message lists the distinguished names used to
control selection of a site certificate.
MQCPI072 ......and certificate label <insert_1>
Explanation
This message lists the label name used to control
selection of a site certificate.
MQCPI073 Updated file <insert_1>
Explanation
The specified file has been updated by the mqiptPW
command.
MQCPI074 Created file <insert_1>
Explanation
The specified file has been created by the mqiptPW
command.
MQCPI075 ....LDAP main server at <insert_1>(<insert_2>)
Explanation
This message lists the name of the main LDAP server
used for CRL support.
MQCPI076 ....LDAP backup server at <insert_1>(<insert_2>)
Explanation
This message lists the name of the backup LDAP server
used for CRL support.
MQCPI077 ....LDAP errors will be ignored
Explanation
This message means that any errors received from LDAP
will be ignored.
MQCPI078 Route <insert_1> ready for connection requests
Explanation
This message is displayed when a route is ready to
accept connection requests.
MQCPI079 ....using security exit <insert_1>
Explanation
This message is written to the system console when a route is started to show the
fully qualified name of the security exit.
MQCPI080 ......and timeout of <insert_1> second(s)
Explanation
This message is written to the system console when a route is started to show the
timeout value of the security or certificate exit.
MQCPI083 ....refresh commands will not restart the route
Explanation
This message indicates that when a refresh command
has been issued the route will not be restarted.
MQCPI084 ......CRL cache expiry timeout is <insert_1> hour(s)
Explanation
This console message displays how long a CRL (or ARL)
will remain in the MQIPT cache.
MQCPI085 ....CRLs will be saved in the key ring file(s)
Explanation
This console message means that any CRLs (or ARLs)
retrieved from an LDAP server will be saved in the key ring file,
attached to the associated CA certificate.
MQCPI086 ......timeout of <insert_1> second(s)
Explanation
This message is written to the system console when a route is started to show the
timeout value for connecting to the LDAP server.
MQCPI087 ......userid is <insert_1>
Explanation
This message is written to the system console when a route is started to show the
userid name to connect to the LDAP server.
MQCPI088 ....buffer size <insert_1>
Explanation
This message is written to the system console when a route is started to show the
size of buffers being used, but only if not the value of 65535. This value will only be used if
greater than the default value of 65535.
MQCPI090 ......search baseDN uses <insert_1>
Explanation
This message is written to the system console when a route is started to show the
LDAP baseDN key names to retrieve CRLs (and ARLs).
MQCPI091 ....allow plain connections
Explanation
This message is written to the system console when a route is started to indicate
that plain connections are allowed when acting as an SSL server or running in SSL proxy
mode.
MQCPI092 ....socket timeout <insert_1> ms
Explanation
This message shows the socket timeout value (in milliseconds)
MQCPI127 ....in full duplex mode
Explanation
This message shows the HTTP protocol being used to
the destination is working in full duplex mode.
MQCPI128 ....in half duplex mode
Explanation
This message shows the HTTP protocol being used to
the destination is working in half duplex mode.
MQCPI129 ......using certificate exit <insert_1>
Explanation
This message is written to the system console when
a route is started. Used to show the fully qualified name of the certificate
exit.
MQCPI130 Connection to caller closed due to connection failure to
destination
Explanation
This message is written to the connection log for
the closed connection to the caller, when MQIPT failed to connect
to the target destination.
User response
See previous connection failure for reason of closure.
MQCPI131 ......and certificate exit data ''<insert_1>''
Explanation
This message is written to the system console when
a route is started. Used to show the data for the certificate exit.
MQCPI132 ....listening on local address <insert_1>
Explanation
This message shows the local IP address the route
is listening on. This should only be used on a multihomed system.
MQCPI138 The Java Security Manager
policy has been refreshed.
Explanation
The Java Security Manager is still enabled and the policy has been re-read. Any changes
to the security policy will now take effect.
MQCPI139 ......secure socket protocols <insert_1>
Explanation
This message lists the secure socket protocol versions enabled for this route or
command port.
MQCPI140 ....TCP keep alive enabled
Explanation
This message shows that TCP keep alive parameter has
been enabled
MQCPI141 ......cryptographic hardware key store
Explanation
This route or command port uses cryptographic hardware that supports the PKCS #11
interface for either the server or client key store.
MQCPI142 ......cryptographic hardware CA key store
Explanation
This route uses cryptographic hardware that supports the PKCS #11 interface for
either the server or client CA key store.
MQCPI143 MQ Advanced capabilities enabled
Explanation
IBM MQ Advanced extended capabilities are
enabled.
MQCPI144 MQ Advanced capabilities not enabled
Explanation
IBM MQ Advanced extended capabilities are not
enabled.
MQCPI145 Enter password
Explanation
Prompt to enter a password by the mqiptPW
command.
MQCPI150 No password specified.
Explanation
No password was specified for the mqiptPW command to encrypt. The
program terminates.
MQCPI151 Reading password encryption key from <insert_1>
Explanation
The encryption key for passwords stored by MQIPT is being read from the specified file.
MQCPI152 MQIPT name is <insert_1>
Explanation
The name for this instance of MQIPT is
displayed.
MQCPI153 Password checking is optional on the command port
Explanation
Connections to the command port can optionally supply a password for authentication.
The password is checked if it is supplied.
MQCPI155 Listening for control commands on port <insert_1> on local address <insert_2> using
TLS
Explanation
This MQIPT instance is listening for
control commands on the specified port and local address. Connections to this port are secured using
TLS. An asterisk (*) indicates that MQIPT is listening
for commands on all network interfaces.
MQCPW001 CRL expired for <insert_1>
Explanation
This message is displayed when a CRL (or ARL) is retrieved
from an LDAP server.
User response
Update the specified CRL in the LDAP server.
MQCPW003 ....Expired CRLs will be ignored
Explanation
This console message means that any expired CRLs (or
ARLs) will be ignored and the connection request may be allowed.
MQCPW004 ......SSLServerAskClientAuth is disabled, certificate exit
might not be called
Explanation
This console message is displayed at startup to show a conflict with the
SSLServerExit and SSLServerAskClientAuth
properties.
User response
With SSLServerAskClientAuth disabled, the SSL client is not
required to send an SSL certificate, so the certificate exit might not be called.
MQCPW005 Route <insert_1> <insert_2> key ring file <insert_3> certificate <insert_4>
serial number <insert_5> is not yet valid. The certificate cannot be used before
<insert_6>.
Explanation
This console message is displayed at route startup if one of the key ring files
contains a certificate which is not yet valid because its Not Before date is in the
future.
User response
Check that the system clock is set correctly. If
your organization operates its own CA, check the system clock on the
CA system.
MQCPW006 Route <insert_1> <insert_2> key ring file <insert_3> certificate <insert_4>
serial number <insert_5> has expired. The certificate cannot be used after
<insert_6>.
Explanation
This console message is displayed at route startup if one of the key ring files
contains a certificate which has expired.
User response
Check that the system clock is set correctly. If
the clock is set correctly, obtain a replacement certificate.
MQCPW007 Route <insert_1> property <insert_2> is invalid.
Explanation
A property specified for this route is invalid for this version of MQIPT. The property will be ignored and the route will continue
to start up.
User response
Remove the invalid property from the route definition.
MQCPW008 Route <insert_1> certificate <insert_2> serial number <insert_3> is not yet valid.
The certificate cannot be used before <insert_4>. The certificate is stored in the cryptographic
hardware key store <insert_5>.
Explanation
This console message is displayed at route startup if the cryptographic hardware key
store contains a certificate which is not yet valid because its Not Before date is in the
future.
User response
Check that the system clock is set correctly. If your organization operates its own
CA, check the system clock on the CA system.
MQCPW009 Route <insert_1> certificate <insert_2> serial number <insert_3> has expired. The
certificate cannot be used after <insert_4>. The certificate is stored in the cryptographic
hardware key store <insert_5>.
Explanation
This console message is displayed at route startup if the cryptographic hardware key
store contains a certificate which has expired.
User response
Check that the system clock is set correctly. If the clock is set correctly, obtain
a replacement certificate.
MQCPW010 Deprecated command syntax used.
Explanation
A command was issued using a syntax that is deprecated, and which does not offer the
full range of command options. The deprecated syntax of the mqiptPW command does
not allow passwords to be encrypted using the most secure method.
User response
Review the command syntax and plan to issue the command using the latest syntax in
the future.
MQCPW011 Unprotected or weakly protected password specified in property <insert_1>
Explanation
A plain text or weakly protected password is specified in the indicated
property.
User response
To store the password securely, use the mqiptPW command to
encrypt the password with the latest protection mode.
MQCPW012 Unprotected or weakly protected password specified in property <insert_1> for route
<insert_2>
Explanation
A plain text or weakly protected password is specified in the indicated property on
the specified route.
User response
To store the password securely, use the mqiptPW command to
encrypt the password with the latest protection mode.
MQCPW013 Command port <insert_1> is unprotected
Explanation
MQIPT is configured to listen for
commands on the indicated port, but this port is not secured with TLS. Other systems on the network
might be able to view data sent to this port by the mqiptAdmin command, including
sensitive data such as the MQIPT access password.
User response
Use the SSLCommandPort property to configure a command port
that is secured with TLS.
MQCPW014 Command port <insert_1> certificate <insert_2> serial number <insert_3> is not yet
valid. The certificate cannot be used before <insert_4>. The certificate is stored in the key
ring file <insert_5>.
Explanation
The key ring file used by the command server for the specified command port contains
a certificate which is not yet valid because its Not Before date is in the future.
User response
Check that the system clock is set correctly. If your organization operates its own
CA, check the system clock on the CA system.
MQCPW015 Command port <insert_1> certificate <insert_2> serial number <insert_3> has
expired. The certificate cannot be used after <insert_4>. The certificate is stored in the key
ring file <insert_5>.
Explanation
The key ring file used by the command server for the specified command port contains
a certificate which has expired.
User response
Check that the system clock is set correctly. If the clock is set correctly, obtain
a replacement certificate.
MQCPW016 Command port <insert_1> certificate <insert_2> serial number <insert_3> is not yet
valid. The certificate cannot be used before <insert_4>. The certificate is stored in the
cryptographic hardware key store <insert_5>.
Explanation
The cryptographic hardware key store used by the command server for the specified
command port contains a certificate which is not yet valid because its Not Before date is in the
future.
User response
Check that the system clock is set correctly. If your organization operates its own
CA, check the system clock on the CA system.
MQCPW017 Command port <insert_1> certificate <insert_2> serial number <insert_3> has
expired. The certificate cannot be used after <insert_4>. The certificate is stored in the
cryptographic hardware key store <insert_5>.
Explanation
The cryptographic hardware key store used by the command server for the specified
command port contains a certificate which has expired.
User response
Check that the system clock is set correctly. If the clock is set correctly, obtain
a replacement certificate.