AMQ9637: Channel is lacking a Certificate error in the WMQ log when SSLCAUTH is set to REQUIRED

Resolving The Problem

You have generated or installed personal certificates for both the queue manager and your client, and signer certificates are in both the queue manager's and the client's trust stores.

When you start the channel and set the SSLCAUTH attribute value on the channel to OPTIONAL, the channel starts successfully, This indicates that the queue managers certificate is working and the key store and trust store on the WMQ server is working correctly, and the trust store on the client is also working as expected. However, when setting the SSLCAUTH attribute value on the channel to REQUIRED the channel fails to start. In this case you may have used the java keytool or another tool to create the key store on the client machine.

If you did not specify the key generation command to use the RSA signature algorithm when generating your private key, this would mean that the DSA signature algorithm was used for the private key as it is typically the default. The DSA signature algorithm may not be compatible with the client software that is trying to use it, and therefore this certificate can not be presented to the WMQ server. If this is the case, regenerating your private key using the RSA signature algorithm will resolve the error.

Since the RSA signature algorithm is widely supported, regenerate your private key using the RSA algorithm.