Hi All , For the SSL configuration in IBM MQ I created the local queue manager(SSLQM) , local queue(localq), server-connection channel(mychannel) and enable the ssl in the channel , and LISTNER.TCP run on the port number 1414. I used IBM MQ V 7.5 and java 1.7 .
They are some steps I followed to do for running simple java client program. 1. Creating key repository for queue manager [1]. 2. Creating a self-signed personal certificate and extract the certificate [2]. 3. I used [3] for creating keystore and truststore for queue manager and used SSL Context in my java client [4]. 4. While setup the ciphersuite property value I have considered [5], [6], [7] and [8]. when I run my client programme. I'm getting the following error [9] and also I include queue manager error log file [10]. Is there any other way to overcome this issue? please advice me to solve the issue. [1] http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q012680_.htm?lang=en [2] http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q012770_.htm?lang=en [3] http://www.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html [4] https://github.com/Kirishanthy/IBM-MQ-Client/blob/master/ibmmqClient/src/main/java/MQProducerSSL.java [5] http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.dev.doc/q031290_.htm?lang=en [6] https://developer.ibm.com/answers/questions/178651/what-tls-ciphersuites-are-supported-when-connectin.html [7] http://stackoverflow.com/questions/33718151/get-an-error-while-using-ssl-in-mq-java-client [8] http://www.oracle.com/technetwork/java/javase/7u75-relnotes-2389086.html [9] MQJE001: Completion Code '2', Reason '2397'. com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'. at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:247) at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:588) at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:630) at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:107) at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:205) at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:911) at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:799) at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:750) at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:157) at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:681) at MQProducer_SSL.main(MQProducer_SSL.java:72) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140) Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],3=localhost(1414),5=RemoteTCPConnection.protocolConnect] at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2053) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1226) at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:311) at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:337) at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:924) at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:236) ... 15 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1187) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:724) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:400) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:299) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:164) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1598) ... 20 more Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1156) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1151) at java.security.AccessController.doPrivileged(Native Method) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1149) ... 25 more Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.read(InputRecord.java:482) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) ... 32 more [10] 11/21/2015 09:59:32 - Process(6000.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) Host(KASUN-PC) Installation(Installation1) VRMF(7.5.0.2) QMgr(SSLQM) AMQ9660: SSL key repository: password stash file absent or unusable. EXPLANATION: The SSL key repository cannot be used because MQ cannot obtain a password to access it. Reasons giving rise to this error include: (a) the key database file and password stash file are not present in the location configured for the key repository, (b) the key database file exists in the correct place but that no password stash file has been created for it, (c) the files are present in the correct place but the userid under which MQ is running does not have permission to read them, (d) one or both of the files are corrupt. The channel is '????'; in some cases its name cannot be determined and so is shown as '????'. The channel did not start. ACTION: Ensure that the key repository variable is set to where the key database file is. Ensure that a password stash file has been associated with the key database file in the same directory, and that the userid under which MQ is running has read access to both files. If both are already present and readable in the correct place, delete and recreate them. Restart the channel. ----- amqccisa.c : 5577 ------------------------------------------------------- 11/21/2015 09:59:32 - Process(6000.4) User(MUSR_MQADMIN) Program(amqrmppa.exe) Host(KASUN-PC) Installation(Installation1) VRMF(7.5.0.2) QMgr(SSLQM) AMQ9492: The TCP/IP responder program encountered an error. EXPLANATION: The responder program was started but detected an error. The host name was 'kasun-PC (127.0.0.1)'; in some cases the host name cannot be determined and so is shown as '????'. ACTION: Look at previous error messages in the error files to determine the error encountered by the responder program. ----- amqrmrsa.c : 889 -------------------------------------------------------- -- Thanks & Regards, Kirishanthy Associate Software Engineer Mobile : +94 778333939 [email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
