Hi Kirishanthy, As per my knowledge this issue might be some thing related to a missing/expired certificate. I could find out these reported issues in IBM support docs which are quite similar to the issue you are facing.
http://www-01.ibm.com/support/docview.wss?uid=swg21650061 http://www-01.ibm.com/support/docview.wss?uid=swg21678628 http://www-01.ibm.com/support/docview.wss?uid=swg21488362 And also, please check on the host name as well, since the stack trace has "The host name was 'kasun-PC (127.0.0.1)'; in some cases the host name cannot be determined and so is shown as '????'" Thanks. On Sat, Nov 21, 2015 at 11:48 AM, Kirishanthy Tharmalingam < [email protected]> wrote: > Hi All , > > For the SSL configuration in IBM MQ I created the local queue > manager(SSLQM) , local queue(localq), server-connection channel(mychannel) > and enable the ssl in the channel , and LISTNER.TCP run on the port number > 1414. I used IBM MQ V 7.5 and java 1.7 . > > They are some steps I followed to do for running simple java client > program. > > 1. Creating key repository for queue manager [1]. > 2. Creating a self-signed personal certificate and extract the > certificate [2]. > 3. I used [3] for creating keystore and truststore for queue manager > and used SSL Context in my java client [4]. > 4. While setup the ciphersuite property value I have considered [5], > [6], [7] and [8]. > > when I run my client programme. I'm getting the following error [9] and > also I include queue manager error log file [10]. > > Is there any other way to overcome this issue? please advice me to solve > the issue. > > [1] > http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q012680_.htm?lang=en > > [2] > http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q012770_.htm?lang=en > > [3] > http://www.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html > > [4] > https://github.com/Kirishanthy/IBM-MQ-Client/blob/master/ibmmqClient/src/main/java/MQProducerSSL.java > > [5] > http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.dev.doc/q031290_.htm?lang=en > > [6] > https://developer.ibm.com/answers/questions/178651/what-tls-ciphersuites-are-supported-when-connectin.html > > [7] > http://stackoverflow.com/questions/33718151/get-an-error-while-using-ssl-in-mq-java-client > > [8] > http://www.oracle.com/technetwork/java/javase/7u75-relnotes-2389086.html > > [9] > > MQJE001: Completion Code '2', Reason '2397'. > com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'. > at > com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:247) > at > com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:588) > at > com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:630) > at > com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:107) > at > com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:205) > at > com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:911) > at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:799) > at > com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:750) > at > com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:157) > at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:681) > at MQProducer_SSL.main(MQProducer_SSL.java:72) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140) > Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection > to host 'localhost(1414)' rejected. > [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake > failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed > connection during handshake],3=localhost/127.0.0.1:1414 > (localhost),4=SSLSocket.startHandshake,5=default]],3=localhost(1414),5=RemoteTCPConnection.protocolConnect] > at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2053) > at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1226) > at > com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:311) > at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:337) > at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:924) > at > com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:236) > ... 15 more > Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL > handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed > connection during handshake],3=localhost/127.0.0.1:1414 > (localhost),4=SSLSocket.startHandshake,5=default] > at > com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1187) > at > com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:724) > at > com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:400) > at > com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:299) > at > com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:164) > at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1598) > ... 20 more > Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed > connection during handshake > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) > at > com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1156) > at > com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1151) > at java.security.AccessController.doPrivileged(Native Method) > at > com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1149) > ... 25 more > Caused by: java.io.EOFException: SSL peer shut down incorrectly > at sun.security.ssl.InputRecord.read(InputRecord.java:482) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) > ... 32 more > > > [10] > > 11/21/2015 09:59:32 - Process(6000.4) User(MUSR_MQADMIN) > Program(amqrmppa.exe) > Host(KASUN-PC) Installation(Installation1) > VRMF(7.5.0.2) QMgr(SSLQM) > > AMQ9660: SSL key repository: password stash file absent or unusable. > > EXPLANATION: > The SSL key repository cannot be used because MQ cannot obtain a password > to > access it. Reasons giving rise to this error include: > (a) the key database file and password stash file are not present in the > location configured for the key repository, > (b) the key database file exists in the correct place but that no password > stash file has been created for it, > (c) the files are present in the correct place but the userid under which > MQ is > running does not have permission to read them, > (d) one or both of the files are corrupt. > > The channel is '????'; in some cases its name cannot be determined and so > is > shown as '????'. The channel did not start. > ACTION: > Ensure that the key repository variable is set to where the key database > file > is. Ensure that a password stash file has been associated with the key > database > file in the same directory, and that the userid under which MQ is running > has > read access to both files. If both are already present and readable in the > correct place, delete and recreate them. Restart the channel. > ----- amqccisa.c : 5577 > ------------------------------------------------------- > 11/21/2015 09:59:32 - Process(6000.4) User(MUSR_MQADMIN) > Program(amqrmppa.exe) > Host(KASUN-PC) Installation(Installation1) > VRMF(7.5.0.2) QMgr(SSLQM) > > AMQ9492: The TCP/IP responder program encountered an error. > > EXPLANATION: > The responder program was started but detected an error. > > The host name was 'kasun-PC (127.0.0.1)'; in some cases the host name > cannot be > determined and so is shown as '????'. > ACTION: > Look at previous error messages in the error files to determine the error > encountered by the responder program. > ----- amqrmrsa.c : 889 > -------------------------------------------------------- > > > > > -- > Thanks & Regards, > Kirishanthy > Associate Software Engineer > Mobile : +94 778333939 > [email protected] > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Dinithi De Silva* Associate Software Engineer, WSO2 Inc. m:+94716667655 | e:[email protected] | w: www.wso2.com | a: #20, Palm Grove, Colombo 03
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
