Base Java MQ classes and SSL

Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Mon May 09, 2005 1:56 pm

manojkpradhan (Apprentice; Joined: 15 Nov 2004; Posts: 25)
Posted: Fri May 13, 2005 1:34 am

				Hi All,
 
 
Can anyone send the source code and the procedure for implementing the Base MQ Java classes and SSL? I have tried SSL for server-to-server communication, but I don't know how to do SSL for client-to-server communication.
 
 
Thanks,
 
Manoj

Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Fri May 13, 2005 1:41 am

				Manoj,
 
 
I think you are in the best place; just use the previous button freely. We had already discussed it...
 
 
But some important hooks:
 
- generating JKS keystore
 
- setting the truststore and keystore
 
 
Tibor

manojkpradhan (Apprentice; Joined: 15 Nov 2004; Posts: 25)
Posted: Fri May 13, 2005 2:01 am

				Hi Tibor,
 
 
First of all, thanks for the reply.

How do I generate the JKS keystore and set the truststore and keystore?
Actually, I don't know how to go through this.
If you give me full details of this, then it will be better for me.
 
 
Thanks and Regards,
 
Manoj

manojkpradhan (Apprentice; Joined: 15 Nov 2004; Posts: 25)
Posted: Mon May 16, 2005 12:53 am

				Hi All,
 
I am trying to connect to my SSL-enabled MQSeries 5.3 using the Java classes with the following Java code, but I am getting the error MQRC 2397, which means MQRC_JSSE_ERROR.

Can anyone give me the proper way to resolve this problem?
 
 
Source Code:
 
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 
 
import com.ibm.mq.*;
import com.ibm.jms.JMSTextMessage;
import java.security.cert.*;
import java.util.Collection;
import java.util.HashMap;

public class MQMessgSend
{
    private MQQueueManager mqmanager;

    public MQMessgSend()
    {
        try
        {
            MQEnvironment.hostname ="192.168.1.26";
            MQEnvironment.port=1616;
            MQEnvironment.channel="SSL.SVRCONN";

            MQEnvironment.CCSID = 437;
            MQEnvironment.properties.put(MQC.TRANSPORT_PROPERTY,MQC.TRANSPORT_MQSERIES_CLIENT);
            MQEnvironment.properties.put(MQC.SSL_PEER_NAME_PROPERTY,MQC.TRANSPORT_MQSERIES_CLIENT);
            MQEnvironment.sslCipherSuite = "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
            MQEnvironment.sslPeerName = "CN = DEMO CA A6 OU = DST Demo Certificate O = Digital Signature Trust Co. C = US";

            MQEnvironment.enableTracing(5);

            HashMap h1 = new HashMap();
            h1.put("javax.net.ssl.keyStore", "E:/SSL/mycert");
            h1.put("javax.net.ssl.keyStorePassword", "passwd");
            h1.put("javax.net.ssl.trustStore","E:/SSL/mycert");
            h1.put("javax.net.ssl.trustStorePassword", "passwd");

            Collection c = h1.entrySet();
            MQEnvironment.sslCertStores = c ;

            mqmanager = new MQQueueManager("QM2");

            int openOptions = MQC.MQOO_OUTPUT ;

            MQQueue outQueue = mqmanager.accessQueue("LQ2", openOptions);

            MQMessage hello_world = new MQMessage();

            String myssltestmessg = "SSL Test Messgae";
            hello_world.writeUTF(myssltestmessg);

            MQPutMessageOptions pmo = new MQPutMessageOptions();
            outQueue.put(hello_world, pmo);
            System.out.println("Message sent success");

            outQueue.close();
            mqmanager.disconnect();
        }
        catch (MQException ex)
        {
            ex.getCause();
            System.out.println("WebSphere MQ error occurred : Completion code " + ex.completionCode + " Reason code " + ex.reasonCode + " Cause " + ex.getCause());
        }
        catch (java.io.IOException ex)
        {
            ex.printStackTrace();
            System.out.println("An error occurred while writing to the message buffer: "+ ex);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        catch(Throwable th)
        {
            th.printStackTrace();
        }
    }

    public static void main(String args[])
    {
        new MQMessgSend();
    }
}
 
 
 
Error was:
 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 
 
 
02:18:49 [1116233329093] Thread: main, Object: com.ibm.mq.MQQueueManager@13c5982 ==> MQManagedObject constructor() entry
  02:18:49 [1116233329125] Thread: main, Object: com.ibm.mq.MQQueueManager@13c5982 @(#) common/javabase/com/ibm/mq/MQManagedObject.java, java, j530, j530-L020820  02/08/20 12:25:48
02:18:49 [1116233329140] Thread: main, Object: com.ibm.mq.MQQueueManager@13c5982 <== MQManagedObject constructor() exit
02:18:49 [1116233329140] Thread: main, Object: com.ibm.mq.MQQueueManager@13c5982 ==> MQQueueManager constructor() entry
  02:18:49 [1116233329140] Thread: main, Object: com.ibm.mq.MQQueueManager@13c5982 common/javabase/com/ibm/mq/MQQueueManager.java, java, j530, j530-L021003 02/10/01 15:03:42 @(#) 1.56.2.2
  02:18:49 [1116233329140] Thread: main Class: *** BuildInfo *** WebSphere MQ classes for Java (5.300)
  02:18:49 [1116233329140] Thread: main Class: *** BuildInfo *** j530-L021008 (Production)
  02:18:49 [1116233329140] Thread: main, Object: com.ibm.mq.MQQueueManager@13c5982 ==> construct() entry
    02:18:49 [1116233329140] Thread: main ==> MQQueueManager::obtainBaseMQQueueManager (Java 1.1 version() entry
      02:18:49 [1116233329140] Thread: main ==> MQEnvironment::getDefaultProperty - transport() entry
      02:18:49 [1116233329140] Thread: main <== MQEnvironment::getDefaultProperty - transport() exit
      02:18:49 [1116233329156] Thread: main, Object: com.ibm.mq.MQClientManagedConnectionFactoryJ11@186d4c1 ==> MQClientManagedConnectionFactoryJ11 constructor() entry
        02:18:49 [1116233329171] Thread: main ==> MQEnvironment::getDefaultProperty - hostname() entry
        02:18:49 [1116233329171] Thread: main <== MQEnvironment::getDefaultProperty - hostname() exit
        02:18:49 [1116233329171] Thread: main ==> MQEnvironment::getDefaultProperty - port() entry
        02:18:49 [1116233329171] Thread: main <== MQEnvironment::getDefaultProperty - port() exit
        02:18:49 [1116233329171] Thread: main ==> MQEnvironment::getDefaultProperty - channel() entry
        02:18:49 [1116233329171] Thread: main <== MQEnvironment::getDefaultProperty - channel() exit
        02:18:49 [1116233329171] Thread: main ==> MQEnvironment::getDefaultProperty - CCSID() entry
        02:18:49 [1116233329171] Thread: main <== MQEnvironment::getDefaultProperty - CCSID() exit
      02:18:49 [1116233329187] Thread: main, Object: com.ibm.mq.MQClientManagedConnectionFactoryJ11@186d4c1 <== MQClientManagedConnectionFactoryJ11 constructor() exit
      02:18:49 [1116233329187] Thread: main ==> Uninitialized object::ClientConnectionRequestInfo constructor() entry
        02:18:49 [1116233329187] Thread: main ==> MQEnvironment::getDefaultProperty - connectOptions() entry
        02:18:49 [1116233329187] Thread: main <== MQEnvironment::getDefaultProperty - connectOptions() exit
        02:18:49 [1116233329187] Thread: main ==> MQEnvironment::getDefaultProperty - securityExit() entry
        02:18:49 [1116233329187] Thread: main <== MQEnvironment::getDefaultProperty - securityExit() exit
        02:18:49 [1116233329187] Thread: main ==> MQEnvironment::getDefaultProperty - receiveExit() entry
        02:18:49 [1116233329187] Thread: main <== MQEnvironment::getDefaultProperty - receiveExit() exit
        02:18:49 [1116233329187] Thread: main ==> MQEnvironment::getDefaultProperty - sendExit() entry
        02:18:49 [1116233329203] Thread: main <== MQEnvironment::getDefaultProperty - sendExit() exit
        02:18:49 [1116233329203] Thread: main ==> MQEnvironment::getDefaultProperty - userID() entry
        02:18:49 [1116233329203] Thread: main <== MQEnvironment::getDefaultProperty - userID() exit
        02:18:49 [1116233329203] Thread: main ==> MQEnvironment::getDefaultProperty - password() entry
        02:18:49 [1116233329203] Thread: main <== MQEnvironment::getDefaultProperty - password() exit
        02:18:49 [1116233329203] Thread: main ==> MQEnvironment::getDefaultProperty - SPI() entry
        02:18:49 [1116233329203] Thread: main <== MQEnvironment::getDefaultProperty - SPI() exit
        02:18:49 [1116233329218] Thread: main ==> MQEnvironment::getDefaultProperty - SSL Cipher Suite() entry
        02:18:49 [1116233329218] Thread: main <== MQEnvironment::getDefaultProperty - SSL Cipher Suite() exit
        02:18:49 [1116233329234] Thread: main ==> MQEnvironment::getDefaultProperty - SSL Peer Name() entry
        02:18:49 [1116233329234] Thread: main <== MQEnvironment::getDefaultProperty - SSL Peer Name() exit
        02:18:49 [1116233329250] Thread: main ==> MQEnvironment::getDefaultProperty - SSL CertStores() entry
        02:18:49 [1116233329250] Thread: main <== MQEnvironment::getDefaultProperty - SSL CertStores() exit
        02:18:49 [1116233329250] Thread: main ==> MQEnvironment::getDefaultProperty - SSL Socket Factory() entry
        02:18:49 [1116233329265] Thread: main <== MQEnvironment::getDefaultProperty - SSL Socket Factory() exit
      02:18:49 [1116233329281] Thread: main, Object: com.ibm.mq.ClientConnectionRequestInfo@a822a7e9 <== ClientConnectionRequestInfo constructor() exit
      02:18:49 [1116233329296] Thread: main, Object: com.ibm.mq.MQSimpleConnectionManager@422ede ==> allocateConnection() entry
        02:18:49 [1116233329312] Thread: main, Object: com.ibm.mq.ManagedConnectionStore@112f614 ==> chooseOne() entry
        02:18:49 [1116233329328] Thread: main, Object: com.ibm.mq.ManagedConnectionStore@112f614 <== chooseOne() exit
        02:18:49 [1116233329343] Thread: main, Object: com.ibm.mq.StoredManagedConnection@111a3ac ==> StoredManagedConnection constructor() entry
          02:18:49 [1116233329343] Thread: main, Object: com.ibm.mq.MQClientManagedConnectionFactoryJ11@186d4c1 ==> _createManagedConnection() entry
            02:18:49 [1116233329359] Thread: main, Object: com.ibm.mq.MQManagedConnectionJ11@dd20f6 ==> MQManagedConnection constructor() entry
              02:18:49 [1116233329406] Thread: main, Object: com.ibm.mq.MQSESSIONClient@1d1acd3 ==> setThreadAccess() entry
                02:18:49 [1116233329406] Thread: main, Object: com.ibm.mq.MQSESSIONClient@1d1acd3 Default multi-thread access will be used.
              02:18:49 [1116233329406] Thread: main, Object: com.ibm.mq.MQSESSIONClient@1d1acd3 <== setThreadAccess() exit
              02:18:49 [1116233329406] Thread: main ==> MQSESSIONClient::MQCONN() entry
                02:18:49 [1116233329421] Thread: main Class: MQSESSIONClient common/javabase/com/ibm/mq/MQSESSIONClient.java, java, j530, j530-L021003 02/10/01 16:52:34 @(#) 1.46.1.4
                02:18:49 [1116233329421] Thread: main Class: MQSESSIONClient Queue Manager = 'QM2'
                02:18:49 [1116233329437] Thread: main ==> MQSESSION::setStringToLength() entry
                02:18:49 [1116233329437] Thread: main <== MQSESSION::setStringToLength() exit
                02:18:49 [1116233329468] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 ==> Constructor() entry
                  02:18:49 [1116233329468] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 common/javabase/com/ibm/mq/MQInternalCommunications.java, java, j530, j530-L021003  02/09/30 17:08:19 @(#) 1.56.2.3
                  02:18:49 [1116233329484] Thread: main ==> MQSESSION::setStringToLength() entry
                  02:18:49 [1116233329484] Thread: main <== MQSESSION::setStringToLength() exit
                  02:18:49 [1116233329484] Thread: main ==> MQSESSION::setStringToLength() entry
                  02:18:49 [1116233329500] Thread: main <== MQSESSION::setStringToLength() exit
                  02:18:49 [1116233329500] Thread: main ==> MQSESSION::setStringToLength() entry
                  02:18:49 [1116233329515] Thread: main <== MQSESSION::setStringToLength() exit
                  02:18:49 [1116233329515] Thread: main ==> MQSESSION::setStringToLength() entry
                  02:18:49 [1116233329515] Thread: main <== MQSESSION::setStringToLength() exit
                  02:18:49 [1116233329531] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 userID = '            '
                  02:18:49 [1116233329546] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 longUserID = '                                                                '
                  02:18:49 [1116233329546] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 Queue Manager = 'QM2                                             '
                  02:18:49 [1116233329562] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 Connection handle = 5
                  02:18:49 [1116233329578] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 CCSID = 437
                  02:18:49 [1116233329593] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 ==> createSocketConnection() entry
                    02:18:49 [1116233329609] Thread: main, Object: com.ibm.mq.MQInternalCommunications@e83912 Connecting to 192.168.1.26 on port 1616
                    02:18:49 [1116233329625] Thread: main ==> SSLHelper::createSSLSocket() entry
                      02:18:49 [1116233329625] Thread: main Class: SSLHelper peername = 'MQSeries Client'
                      02:18:49 [1116233329625] Thread: main Class: SSLHelper certStores = [javax.net.ssl.trustStorePassword=passwd, javax.net.ssl.keyStorePassword=passwd, javax.net.ssl.trustStore=E:/SSL/mycert, javax.net.ssl.keyStore=E:/SSL/mycert]
                      02:18:49 [1116233329640] Thread: main Class: SSLHelper sslSocketFactory = null
                      02:18:49 [1116233329656] Thread: main Class: SSLHelper using default SSLSocketFactory
                      02:18:50 [1116233330265] Thread: main Class: SSLHelper creating SSL socket
                      02:18:50 [1116233330296] Thread: main Class: SSLHelper setting enabled cipher suites to 'SSL_RSA_EXPORT_WITH_RC4_40_MD5'
                      02:18:50 [1116233330296] Thread: main Class: SSLHelper calling startHandshake
                      02:18:50 [1116233330484] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure ==> MQException constructor(cc, rc, source, msgid)() entry
                        02:18:50 [1116233330484] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure common/javabase/com/ibm/mq/MQException.java, java, j530, j530-L020820  02/08/09 13:29:42 @(#) 1.39
                        02:18:50 [1116233330484] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure cc     = 2
                        02:18:50 [1116233330484] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure rc     = 2397
                        02:18:50 [1116233330500] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure source = static method in SSL code
                        02:18:50 [1116233330500] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure msgId  = 98
MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure
                        02:18:50 [1116233330500] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure Explanation is 'MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure'
                      02:18:50 [1116233330500] Thread: main, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure <== MQException constructor() exit
                      02:18:50 [1116233330500] Thread: main Class: MQSESSIONClient MQException occurred whilst connecting
                    02:18:50 [1116233330500] Thread: main <== MQSESSIONClient::MQCONN() exit
                  02:18:50 [1116233330687] Thread: main, Object: com.ibm.mq.MQManagedConnectionJ11@dd20f6 <== MQManagedConnection constructor (via exception)() exit
                  02:18:50 [1116233330687] Thread: main, Object: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 ==> MQException constructor(cc, rc, source)() entry
                    02:18:50 [1116233330687] Thread: main, Object: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 common/javabase/com/ibm/mq/MQException.java, java, j530, j530-L020820  02/08/09 13:29:42 @(#) 1.39
                    02:18:50 [1116233330718] Thread: main, Object: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 cc     = 2
                    02:18:50 [1116233330718] Thread: main, Object: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 rc     = 2397
                    02:18:50 [1116233330718] Thread: main, Object: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 source = com.ibm.mq.MQManagedConnectionJ11@dd20f6
MQJE001: Completion Code 2, Reason 2397
                  02:18:50 [1116233330718] Thread: main, Object: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 <== MQException constructor() exit
                  02:18:50 [1116233330781] Thread: main ==> ReasonCodeInfo::getResourceExceptionClass() entry
                  02:18:50 [1116233330781] Thread: main <== ReasonCodeInfo::getResourceExceptionClass() exit
                02:18:50 [1116233330781] Thread: main, Object: com.ibm.mq.MQClientManagedConnectionFactoryJ11@186d4c1 <== _createManagedConnection (via exception)() exit
WebSphere MQ error occurred : Completion code 2 Reason code 2397 Cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
 
 
Thanks and Regards,
 
Manoj

Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Tue May 17, 2005 12:01 am

				Manoj,
 
 
I think it is a Java keystore/truststore setting error, so can you send an SSL trace? (-Djavax.net.debug=ssl)

Error message was:

Code:
WebSphere MQ error occurred : Completion code 2 Reason code 2397 Cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
 
 
Tibor

fjb_saper (Grand High Poobah; Joined: 18 Nov 2003; Posts: 20768; Location: LI,NY)
Posted: Tue May 17, 2005 2:30 am

   
manojkpradhan wrote:
02:18:49 [1116233329625] Thread: main Class: SSLHelper certStores = [javax.net.ssl.trustStorePassword=passwd, javax.net.ssl.keyStorePassword=passwd, javax.net.ssl.trustStore=E:/SSL/mycert, javax.net.ssl.keyStore=E:/SSL/mycert]
   
 
 
 
Are you trying to pass off the certificate as trust store and key store ??

manojkpradhan (Apprentice; Joined: 15 Nov 2004; Posts: 25)
Posted: Tue May 17, 2005 9:01 pm

				Hi Tibor/fjb_saper,
 
Thanks for reply.
 
 
Environment:
 
 
Web Sphere MQ v5.3 CSD-07
 
jsdk1.4.2_04
 
 
This is my SSL trace that I have given below.
 
 
I have followed the following steps; please check whether it is the right way or not:

First:

I have created the keystore and truststore using jsdk1.4.2_04's keytool.exe application.

Second:

Then I have put this keystore and truststore into my program.

Do I have to put any of the stores (keystore or truststore) in the server location? If yes, then in which server location do I have to set which store (keystore or truststore)?

Do I have to set both the keystore and truststore in my program?
If no, then which store do I have to put in my program?
 
 
E:\test>java -Djavax.net.debug=ssl MQMessgSend
keyStore is : keystore.jks
keyStore type is : jks
init keystore
init keymanager of type SunX509
***
found key for : mykey
chain [0] = [
[
  Version: V1
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  Sun DSA Public Key
 
 
 
  Validity: [From: Tue May 17 16:58:38 GMT+05:30 2005,
               To: Wed May 17 16:58:38 GMT+05:30 2006]
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  SerialNumber: [    4289d566]

]
  Algorithm: [SHA1withDSA]
  Signature:
0000: 30 2D 02 15 00 89 6E 50   1D 5B 0D 04 8C E2 D6 EC  0-....nP.[......
0010: FC 89 42 2E 72 28 DF 4E   8B 02 14 08 5B F2 18 0A  ..B.r(.N....[...
0020: 33 99 30 97 1D DE AD 9B   19 85 9D 2B 3F 60 CD     3.0........+?`.

]
***
trustStore is: truststore.jks
trustStore type is : jks
init truststore
adding as trusted cert:
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Algorithm: DSA; Serial number: 0x4289d566
  Valid from Tue May 17 16:58:38 GMT+05:30 2005 until Wed May 17 16:58:38 GMT+05:30 2006

init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1099548746 bytes = { 41, 51, 100, 184, 248, 119, 53, 187, 228, 161, 141, 208, 126, 162, 108, 111, 167, 122, 129, 220, 135, 209, 140, 220, 95, 189, 71, 95 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 45
main, WRITE: SSLv2 client hello message, length = 47
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure
MQJE001: Completion Code 2, Reason 2397
WebSphere MQ error occurred : Completion code 2 Reason code 2397 Cause javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
 
 
Thanks and Regards,
 
Manoj

Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Wed May 18, 2005 11:29 pm

				Manoj,
 
   
Quote:
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()

Perhaps the qmgr error log contains the real problem description. Listen to the AMQERR01.LOG file simultaneously.
 
 
Tibor

manojkpradhan (Apprentice; Joined: 15 Nov 2004; Posts: 25)
Posted: Thu May 19, 2005 4:12 am

				Hi Tibor,
 
 
The AMQERROR01.LOG file is showing as given below:
 
 
05/19/2005  17:31:06
AMQ9637: Channel is lacking a certificate.

EXPLANATION:
The channel is lacking a certificate to use for the SSL handshake. The channel
name is '????' (if '????' it is unknown at this stage in the SSL processing).
The channel did not start.
ACTION:
Make sure the appropriate certificates are correctly configured in the key
repositories for both ends of the channel.
----- amqccisn.c : 2732 -------------------------------------------------------
05/19/2005  17:31:06
AMQ9228: The TCP/IP responder program could not be started.

EXPLANATION:
An attempt was made to start an instance of the responder program, but the
program was rejected.
ACTION:
The failure could be because either the subsystem has not been started (in this
case you should start the subsystem), or there are too many programs waiting
(in this case you should try to start the responder program later). The  reason
code was 0.
 
 
Environment: 
 
 
Web Sphere MQ v5.3 CSD-07 on one machine (WINDOWS 2000 professional) and my MQ Client with jsdk1.4.2_04 installed on the other machine (WINDOWS 2000 professional).

Can you tell me, after defining the two keys (keystore and truststore), which key I have to put in which location?

I think I am making a mistake in putting the keystore and truststore in the proper location.
 
 
Thanks and Regards,
 
Manoj

Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Thu May 19, 2005 6:19 am

				Manoj,
 
 
The message was AMQ9637: Channel is lacking a certificate. Is your queue manager correctly configured (certificate, cipher, etc.)?
 
 
Tibor

manojkpradhan (Apprentice; Joined: 15 Nov 2004; Posts: 25)
Posted: Thu May 19, 2005 8:21 pm

				Hi Tibor,
 
 
That's why I am asking you in which place I should put the certificate.
 
 
Actually I have created a certificate by using keytool.exe.
 
 
The commands are as follows:
 
 
1. keytool -genkey -keystore keystore.jks -storepass passwd -keypass passwd -dname "CN=G4 Software,O=G4,C=IN" -validity 365
 
 
2. keytool -export -storepass passwd -keystore keystore.jks -file keystore
 
 
3. keytool -import -storepass passwd -keystore truststore -file keystore
 
 
After executing these three statements, I get the keystore.jks, keystore and truststore.jks files.

Then I am using the truststore as truststore.jks in my program and keeping the keystore as keystore.jks in the queue manager properties location, that is, under the SSL tab.

Is it the right way? If no, please send me the right way to do this.

I am using the CipherSuite SSL_RSA_WITH_RC4_128_MD5 and the corresponding CipherSpec RC4_MD5_US.
 
 
Thanks and Regards,
 
Manoj

Tibor (Grand Master; Joined: 20 May 2001; Posts: 1033; Location: Hungary)
Posted: Fri May 20, 2005 2:12 am

				Manoj,
 
 
Not this way. All of the previous posts tell you about the settings of the Java client. On the qmgr there is a different method for generating the keystore; just look into the Security Guide or search for topics with these keywords: ssl AND qmgr, e.g. SSL between queue managers
 
 
Tibor

KDL54 (Newbie; Joined: 23 May 2005; Posts: 1)
Posted: Mon May 23, 2005 7:25 am    Post subject: SSL & QMgr and client connection using SSL

Gentlemen, I am trying to do a similar or the same thing here. I have created a q-manager and set up a server connection channel with the following SSL properties: Cipherspec = RC4_MD5_US. From reading prior posts I gather there are additional configurations required for the q-mgr. itself...? What I am trying to do is simply set up a q-mgr. that will accept a client connection via SSL. I have a q-mgr. and client that communicate fine using the system server connection channel. It has now become a requirement to change this communication to use SSL.
 
 
If there is a place in the documentation that describes the changes required I will be happy to go there and do the research. If on the other hand someone here has the information willing to share I would be very happy to use this venue.
 
 
So far I have contacted IBM and they sent some information to create the MS MakeCert.exe utility, but not a real clear explanation of what it all is that is being created, especially since step 2 in the process does not seem to work for me. In any case, if you guys could help it would be great. Thanks.

simi (Newbie; Joined: 02 Oct 2006; Posts: 1)
Posted: Wed Oct 11, 2006 4:20 am

				HI!
 
 
I have a question to you.
 
 
This works:

    MQEnvironment.channel="SSLCONN";
    MQEnvironment.hostname="";
    MQEnvironment.port=2424;
    MQEnvironment.CCSID=819;
    MQEnvironment.userID="mqm";
    MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_DES_CBC_SHA";

    System.setProperty( "javax.net.ssl.keyStore", "D:/MQSSL/kliens.jks");
    System.setProperty( "javax.net.ssl.keyStorePassword", "kliens" );
    System.setProperty( "javax.net.ssl.trustStore", "D:/MQSSL/kliens.jks");
    System.setProperty( "javax.net.ssl.trustStorePassword", "kliens");

    MQQueueManager qMgr;
    qMgr = new MQQueueManager("TEST");

and this doesn't:

    MQEnvironment.channel="SSLCONN";
    MQEnvironment.hostname="";
    MQEnvironment.port=2424;
    MQEnvironment.CCSID=819;
    MQEnvironment.userID="mqm";
    MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_DES_CBC_SHA";

    HashMap h1 = new HashMap();
    h1.put("javax.net.ssl.trustStore","D:/MQSSL/kliens.jks");
    h1.put("javax.net.ssl.trustStorePassword", "kliens");
    h1.put("javax.net.ssl.keyStore", "D:/MQSSL/kliens.jks");
    h1.put("javax.net.ssl.keyStorePassword", "kliens");
    Collection c = h1.entrySet();
    MQEnvironment.sslCertStores = c ;

    MQQueueManager qMgr;
    qMgr = new MQQueueManager("TEST");
 
 
In the second one, in the output of javax.net.debug trace, there is nothing from my kliens.jks, only the default java things.
 
 
Can someone help me why?
 
thanks
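
Added example, not part of any post in this thread: in the MQ base Java classes, MQEnvironment.sslCertStores is documented as a collection of java.security.cert.CertStore objects used for CRL checking, so a HashMap of javax.net.ssl.* entries placed there selects no keystore and JSSE falls back to its defaults, which matches what the posted traces show. The code below loads the JKS files from explicit paths, lists what each one contains, and builds an SSLSocketFactory that can be assigned to MQEnvironment.sslSocketFactory. The class and method names, the MQ_STORE_PASSWORD variable and the single password shared by both stores are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example; class, method and variable names are hypothetical.
public class MqClientSslSetup {

    // Load a JKS file from an explicit path instead of relying on JVM-wide defaults.
    static KeyStore loadJks(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // One line per alias: entry kind, public-key algorithm, subject DN.
    // The algorithm column shows at a glance whether a key is DSA or RSA.
    static String describe(KeyStore store) throws GeneralSecurityException {
        StringBuilder out = new StringBuilder();
        for (String alias : Collections.list(store.aliases())) {
            out.append("  ").append(alias).append(": ")
               .append(store.isKeyEntry(alias) ? "private key" : "trusted certificate");
            Certificate cert = store.getCertificate(alias);
            if (cert != null) {
                out.append(", ").append(cert.getPublicKey().getAlgorithm());
            }
            if (cert instanceof X509Certificate) {
                out.append(", ")
                   .append(((X509Certificate) cert).getSubjectX500Principal().getName());
            }
            out.append(System.lineSeparator());
        }
        return out.toString();
    }

    // Build a socket factory bound to these stores only. keyStore may be null when
    // the channel does not ask the client for a certificate.
    static SSLSocketFactory buildFactory(KeyStore keyStore, char[] keyPassword,
                                         KeyStore trustStore)
            throws GeneralSecurityException {
        if (trustStore.size() == 0) {
            // Fail here rather than with a handshake error at connect time.
            throw new GeneralSecurityException("trust store contains no entries");
        }
        KeyManagerFactory kmf = null;
        if (keyStore != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Password comes from the environment (hypothetical variable name) rather
        // than being compiled into the program as in the posted code.
        String pw = System.getenv("MQ_STORE_PASSWORD");
        if (args.length != 2 || pw == null) {
            System.err.println("usage: MQ_STORE_PASSWORD=... java MqClientSslSetup"
                    + " <keystore.jks> <truststore.jks>");
            System.exit(2);
        }
        char[] password = pw.toCharArray();

        KeyStore keyStore = loadJks(args[0], password);
        KeyStore trustStore = loadJks(args[1], password);
        System.out.print("keystore entries:" + System.lineSeparator() + describe(keyStore));
        System.out.print("truststore entries:" + System.lineSeparator() + describe(trustStore));

        SSLSocketFactory factory = buildFactory(keyStore, password, trustStore);
        System.out.println("SSLSocketFactory ready: " + factory.getClass().getName());

        // With the MQ base Java classes on the classpath (not assumed here), hand the
        // factory to the client before constructing MQQueueManager:
        //     MQEnvironment.sslSocketFactory = factory;
        // The posted trace ("sslSocketFactory = null", "using default SSLSocketFactory")
        // shows the path taken when this field is left unset.
        // MQEnvironment.sslCipherSuite still has to correspond to the channel's
        // CipherSpec. The RC4, single-DES and export suites named in the thread are
        // obsolete; use a suite that current MQ and JRE levels both support.
    }
}
```

This covers only the Java client side; the queue manager's own key repository is created separately, as Tibor's reply of May 20 points out.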
			   
			 
		   | 
		 
		