| Author |
Message
|
| marcin.kasinski |
 Posted: Tue Sep 09, 2008 12:09 am Post subject: SSL problem : HTTP nodes work OK, but SOAP nodes don't |
 |
|
Sentinel
Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw
|
Hi,
I have problem with testing SOAP nodes and https.
I think my HTTPS configuration correct because HTTPS comunication with HTTPInput and HTTPRequest nodes works OK.
I have problem only using SOAP nodes and HTTPS
I got error "java.io.IOException: Keystore was tampered with, or password was incorrect"
I use the same keystore file for HTTP nodes and SOAP nodes.
Script I used to configure SSL below:
| Code: |
mqsichangeproperties WBRK_BROKER -e default -o ComIbmJVMManager -n keystoreFile -v ...\server.jks
mqsichangeproperties WBRK_BROKER -e default -o ComIbmJVMManager -n keystoreType -v JKS
mqsichangeproperties WBRK_BROKER -e default -o ComIbmJVMManager -n keystorePass -v pwd1
mqsichangeproperties WBRK_BROKER -e default -o ComIbmJVMManager -n truststoreFile -v brokerdir\jre\...\cacert
mqsichangeproperties WBRK_BROKER -e default -o ComIbmJVMManager -n truststoreType -v JKS
mqsichangeproperties WBRK_BROKER -e default -o ComIbmJVMManager -n truststorePass -v pwd2
mqsichangeproperties WBRK_BROKER -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties WBRK_BROKER -b httplistener -o HTTPConnector -n port -v 7080
mqsichangeproperties WBRK_BROKER -b httplistener -o HTTPSConnector -n keystoreFile -v ...\server.jks
mqsichangeproperties WBRK_BROKER -b httplistener -o HTTPSConnector -n keystorePass -v pwd1
mqsichangeproperties WBRK_BROKER -b httplistener -o HTTPSConnector -n keystoreType -v JKS
mqsichangeproperties WBRK_BROKER -b httplistener -o HTTPSConnector -n port -v 7090
|
The question is:
Why using the same keystore HTTP nodes work OK, but SOAP nodes don't.
Did I miss something ?
Any advice please...
_________________
Marcin |
|
| Back to top |
|
 |
| marcin.kasinski |
| Posted: Wed Sep 10, 2008 8:29 am Post subject: Re: SSL problem : HTTP nodes work OK, but SOAP nodes don't |
|
|
Sentinel
Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw
|
Hi,
Do you have any hints ?
It is really strange problem for me.
I have no idea why using the same keystore it doesn't work with SOAP nodes.
Is it my fault ?
_________________
Marcin |
|
| Back to top |
|
|
| svadamala |
| Posted: Tue Oct 28, 2008 12:08 pm Post subject: |
|
|
Newbie
Joined: 15 Feb 2008
Posts: 3
|
Hello,
I have same issue that keystore working with HTTPInput node over http(s) but not with SOAP node using HTTP(s).
Any Idea?
I am using same key store that is used in HTTPInput node over http(s).
Appreciate help.
sanath |
|
| Back to top |
|
|
| mgm |
| Posted: Wed Oct 29, 2008 11:41 am Post subject: product defect related to APAR IC56802 |
|
|
Apprentice
Joined: 14 Dec 2007
Posts: 48
Location: anywhere
|
you can get a fix for this APAR or update the BrokerRegistry instead.
contact me if you need further details. |
|
| Back to top |
|
|
| mgm |
| Posted: Wed Oct 29, 2008 11:49 am Post subject: Re: product defect related to APAR IC56802 |
|
|
Apprentice
Joined: 14 Dec 2007
Posts: 48
Location: anywhere
|
| mgm wrote: |
you can get a fix for this APAR or update the BrokerRegistry instead.
contact me if you need further details. |
|
|
| Back to top |
|
|
| svadamala |
| Posted: Wed Oct 29, 2008 1:39 pm Post subject: |
|
|
Newbie
Joined: 15 Feb 2008
Posts: 3
|
Hello mqm,
I updated broker registry with keystoreFile and Trust store file using below commands,
mqsichangeproperties WBRK61_DEFAULT_BROKER -o BrokerRegistry -n brokerKeystoreFile -v "keystorefile"
mqsichangeproperties WBRK61_DEFAULT_BROKER -o BrokerRegistry -n brokerTruststoreFile -v "truststorefile"
and passwords for the above.
Still no luck...
What is your contact number to talk ?.
Appreciate your help.
Cheers,
sanath |
|
| Back to top |
|
|
| mgm |
| Posted: Wed Oct 29, 2008 1:54 pm Post subject: |
|
|
Apprentice
Joined: 14 Dec 2007
Posts: 48
Location: anywhere
|
| svadamala wrote: |
Hello mqm,
I updated broker registry with keystoreFile and Trust store file using below commands,
mqsichangeproperties WBRK61_DEFAULT_BROKER -o BrokerRegistry -n brokerKeystoreFile -v "keystorefile"
mqsichangeproperties WBRK61_DEFAULT_BROKER -o BrokerRegistry -n brokerTruststoreFile -v "truststorefile"
and passwords for the above.
Still no luck...
What is your contact number to talk ?.
Appreciate your help.
Cheers,
sanath |
Stop your broker then run
mqsisetdbparms WBRK61_DEFAULT_BROKER -n brokerKeystore::password -u none -p your password
Start the broker, it should work.
you can reach me at m_egyptman@yahoo |
|
| Back to top |
|
|
| svadamala |
| Posted: Wed Oct 29, 2008 2:17 pm Post subject: |
|
|
Newbie
Joined: 15 Feb 2008
Posts: 3
|
Hello mqm,
I have set keystore/truststore password values for broker registry using below statements,
mqsisetdbparms WBRK61_DEFAULT_BROKER -n brokerTruststore::password -u temp -p xxxxxx
mqsisetdbparms WBRK61_DEFAULT_BROKER -n brokerKeystore::password -u temp -p xxxxxx
I taken out truststore values for "ComIbmJVMManager" and restarted the broker and now I am no longer seeing error "java.io.IOException: Keystore was tampered with, or password was incorrect". Now I am good and everything is working. 
mqsichangeproperties WBRK61_DEFAULT_BROKER -e default -o ComIbmJVMManager -n truststoreFile -v ""
mqsichangeproperties WBRK61_DEFAULT_BROKER -e default -o ComIbmJVMManager -n truststoreType -v ""
mqsichangeproperties WBRK61_DEFAULT_BROKER -e default -o ComIbmJVMManager -n truststorePass -v ""
Thanks for your responses.
Cheers,
Sanath |
|
| Back to top |
|
|
| mgm |
| Posted: Wed Oct 29, 2008 2:26 pm Post subject: congratulations |
|
|
Apprentice
Joined: 14 Dec 2007
Posts: 48
Location: anywhere
|
| Good to hear that u r ok now. Good luck |
|
| Back to top |
|
|
|
|
