Hi We had a hard time doing this sometimes back, have you followed up the discussion given blow ?
*"Configuring WSO2 ESB and IBM Websphere enabling SSL"* You can find blog in [1] (which is pretty much abstract but has some critical steps) Why do you need to setup with IBM MQ V 7.5? Why don't you try with IBM 8 with service pack (which is working) If nothing works please contact *HasithaA* [1] http://www.dushantech.com/2015/06/connecting-ibm-mq-with-wso2-esb-via-ssl.html Cheers, Dushan On Sun, Dec 6, 2015 at 8:08 PM, Dinithi De Silva <[email protected]> wrote: > Hi Kirishanthy, > > As per my knowledge this issue might be some thing related to a > missing/expired certificate. I could find out these reported issues in IBM > support docs which are quite similar to the issue you are facing. > > http://www-01.ibm.com/support/docview.wss?uid=swg21650061 > http://www-01.ibm.com/support/docview.wss?uid=swg21678628 > http://www-01.ibm.com/support/docview.wss?uid=swg21488362 > > And also, please check on the host name as well, since the stack trace has > "The host name was 'kasun-PC (127.0.0.1)'; in some cases the host name > cannot be > determined and so is shown as '????'" > > Thanks. > > > On Sat, Nov 21, 2015 at 11:48 AM, Kirishanthy Tharmalingam < > [email protected]> wrote: > >> Hi All , >> >> For the SSL configuration in IBM MQ I created the local queue >> manager(SSLQM) , local queue(localq), server-connection channel(mychannel) >> and enable the ssl in the channel , and LISTNER.TCP run on the port number >> 1414. I used IBM MQ V 7.5 and java 1.7 . >> >> They are some steps I followed to do for running simple java client >> program. >> >> 1. Creating key repository for queue manager [1]. >> 2. Creating a self-signed personal certificate and extract the >> certificate [2]. >> 3. I used [3] for creating keystore and truststore for queue manager >> and used SSL Context in my java client [4]. >> 4. While setup the ciphersuite property value I have considered [5], >> [6], [7] and [8]. >> >> when I run my client programme. I'm getting the following error [9] and >> also I include queue manager error log file [10]. >> >> Is there any other way to overcome this issue? please advice me to solve >> the issue. >> >> [1] >> http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q012680_.htm?lang=en >> >> [2] >> http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q012770_.htm?lang=en >> >> [3] >> http://www.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html >> >> [4] >> https://github.com/Kirishanthy/IBM-MQ-Client/blob/master/ibmmqClient/src/main/java/MQProducerSSL.java >> >> [5] >> http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.dev.doc/q031290_.htm?lang=en >> >> [6] >> https://developer.ibm.com/answers/questions/178651/what-tls-ciphersuites-are-supported-when-connectin.html >> >> [7] >> http://stackoverflow.com/questions/33718151/get-an-error-while-using-ssl-in-mq-java-client >> >> [8] >> http://www.oracle.com/technetwork/java/javase/7u75-relnotes-2389086.html >> >> [9] >> >> MQJE001: Completion Code '2', Reason '2397'. >> com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'. >> at >> com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:247) >> at >> com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:588) >> at >> com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:630) >> at >> com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:107) >> at >> com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:205) >> at >> com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:911) >> at >> com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:799) >> at >> com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:750) >> at >> com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:157) >> at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:681) >> at MQProducer_SSL.main(MQProducer_SSL.java:72) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:606) >> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140) >> Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: >> Connection to host 'localhost(1414)' rejected. >> [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake >> failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed >> connection during handshake],3=localhost/127.0.0.1:1414 >> (localhost),4=SSLSocket.startHandshake,5=default]],3=localhost(1414),5=RemoteTCPConnection.protocolConnect] >> at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2053) >> at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1226) >> at >> com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:311) >> at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:337) >> at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:924) >> at >> com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:236) >> ... 15 more >> Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL >> handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed >> connection during handshake],3=localhost/127.0.0.1:1414 >> (localhost),4=SSLSocket.startHandshake,5=default] >> at >> com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1187) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:724) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:400) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:299) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:164) >> at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1598) >> ... 20 more >> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed >> connection during handshake >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) >> at >> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) >> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) >> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1156) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1151) >> at java.security.AccessController.doPrivileged(Native Method) >> at >> com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1149) >> ... 25 more >> Caused by: java.io.EOFException: SSL peer shut down incorrectly >> at sun.security.ssl.InputRecord.read(InputRecord.java:482) >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) >> ... 32 more >> >> >> [10] >> >> 11/21/2015 09:59:32 - Process(6000.4) User(MUSR_MQADMIN) >> Program(amqrmppa.exe) >> Host(KASUN-PC) Installation(Installation1) >> VRMF(7.5.0.2) QMgr(SSLQM) >> >> AMQ9660: SSL key repository: password stash file absent or unusable. >> >> EXPLANATION: >> The SSL key repository cannot be used because MQ cannot obtain a password >> to >> access it. Reasons giving rise to this error include: >> (a) the key database file and password stash file are not present in the >> location configured for the key repository, >> (b) the key database file exists in the correct place but that no password >> stash file has been created for it, >> (c) the files are present in the correct place but the userid under which >> MQ is >> running does not have permission to read them, >> (d) one or both of the files are corrupt. >> >> The channel is '????'; in some cases its name cannot be determined and so >> is >> shown as '????'. The channel did not start. >> ACTION: >> Ensure that the key repository variable is set to where the key database >> file >> is. Ensure that a password stash file has been associated with the key >> database >> file in the same directory, and that the userid under which MQ is running >> has >> read access to both files. If both are already present and readable in the >> correct place, delete and recreate them. Restart the channel. >> ----- amqccisa.c : 5577 >> ------------------------------------------------------- >> 11/21/2015 09:59:32 - Process(6000.4) User(MUSR_MQADMIN) >> Program(amqrmppa.exe) >> Host(KASUN-PC) Installation(Installation1) >> VRMF(7.5.0.2) QMgr(SSLQM) >> >> AMQ9492: The TCP/IP responder program encountered an error. >> >> EXPLANATION: >> The responder program was started but detected an error. >> >> The host name was 'kasun-PC (127.0.0.1)'; in some cases the host name >> cannot be >> determined and so is shown as '????'. >> ACTION: >> Look at previous error messages in the error files to determine the error >> encountered by the responder program. >> ----- amqrmrsa.c : 889 >> -------------------------------------------------------- >> >> >> >> >> -- >> Thanks & Regards, >> Kirishanthy >> Associate Software Engineer >> Mobile : +94 778333939 >> [email protected] >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Dinithi De Silva* > Associate Software Engineer, WSO2 Inc. > m:+94716667655 | e:[email protected] | w: www.wso2.com > | a: #20, Palm Grove, Colombo 03 > -- Dushan Abeyruwan | Technical Lead PMC Member Apache Synpase WSO2 Inc. http://wso2.com/ Blog:*http://www.dushantech.com/ <http://www.dushantech.com/>* Mobile:(001)408-791-9312
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
