Author |
Message
|
drjm |
Posted: Tue Jul 21, 2009 10:08 am Post subject: Https issue with soap nodes |
|
|
Newbie
Joined: 25 Feb 2009 Posts: 8
|
I have a problem with https over SSL using soap nodes.
The exception I am getting is "Default SSL context init failed: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect"
But I am able to access the keystore and truststore using the passwords and from the locations specified in the script below.
Here is the script I have used for configuring https. Prior to this I have imported the certificate into the 'cacerts' truststore.
mqsichangeproperties ESBBRK -e default -o ComIbmJVMManager -n keystoreFile -v C:\certs\server.keystore
mqsichangeproperties ESBBRK -e default -o ComIbmJVMManager -n keystoreType -v JKS
mqsichangeproperties ESBBRK -e default -o ComIbmJVMManager -n keystorePass -v pwd1
mqsichangeproperties ESBBRK -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties ESBBRK -b httplistener -o HTTPSConnector -n keystoreFile -v C:\certs\server.keystore
mqsichangeproperties ESBBRK -b httplistener -o HTTPSConnector -n keystorePass -v pwd1
mqsichangeproperties ESBBRK -b httplistener -o HTTPSConnector -n keystoreType -v JKS
mqsichangeproperties ESBBRK -o BrokerRegistry -n brokerKeystoreFile -v C:\certs\server.keystore
mqsichangeproperties ESBBRK -o BrokerRegistry -n brokerTruststoreFile -v C:\IBM\MQSI\6.1\jre15\lib\security\cacerts
mqsichangeproperties ESBBRK -b httplistener -o HTTPSConnector -n port -v 7085
mqsistop ESBBRK
mqsisetdbparms ESBBRK -n brokerKeystore::password -u temp -p pwd1
mqsisetdbparms ESBBRK -n brokerTruststore::password -u temp -p changeit (default password)
mqsistart ESBBRK
After running the script I checked the entries in the broker, execution group, and httplistener; all the properties have been set properly.
But I am not able to figure out why this exception is occurring.
Any help greatly appreciated.
Note: Environment is WMB 6.1.0.3
Thanks,
ADR |
|
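"Keystore was tampered with, or password was incorrect" is the message a JKS load gives when the SHA-1 integrity digest stored in the last 20 bytes of the keystore file does not match the supplied password. As an added example (not code from this thread or from IBM), the Python script below repeats that check offline so that each keystoreFile and password pair from the script can be tested on its own; the function names and the empty sample keystore are constructed for illustration.

```python
import getpass
import hashlib
import hmac
import struct
import sys

JKS_MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # constant mixed into every JKS integrity digest


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over the password (2 bytes per char), the constant, then the body."""
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def check_jks(data: bytes, password: str) -> str:
    """Report why a keystore would or would not load with this password."""
    if len(data) < 32:
        return "not-jks: file too short"
    magic, version, count = struct.unpack(">III", data[:12])
    if magic != JKS_MAGIC:
        return "not-jks: bad magic (file does not match keystoreType JKS)"
    if version not in (1, 2):
        return "not-jks: unknown version"
    body, stored = data[:-20], data[-20:]
    if not hmac.compare_digest(jks_digest(password, body), stored):
        return "digest-mismatch: wrong password or modified file"
    return f"ok: version {version}, {count} entries"


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a valid JKS with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file, e.g. the keystoreFile value
        with open(sys.argv[1], "rb") as fh:
            print(check_jks(fh.read(), getpass.getpass("keystore password: ")))
    else:  # offline demo on the constructed sample
        sample = build_empty_jks("pwd1")
        print(check_jks(sample, "pwd1"))      # correct password
        print(check_jks(sample, "changeit"))  # password of a different store
```

Run with a file path as the only argument to check a real keystore; the password is read with a prompt so it does not end up in shell history.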
drjm |
Posted: Fri Jul 24, 2009 2:33 pm Post subject: |
|
|
Newbie
Joined: 25 Feb 2009 Posts: 8
|
I have managed to get https over SSL working using http nodes, but I am still getting exceptions with SOAP nodes.
This time I am getting a different error: "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"
I think the cause of this error could be that the keys being exchanged are different between client and server. But in my case the same keystore and truststore setup is working fine with http nodes.
Any help regarding the same? |
|
chanduy9 |
Posted: Tue Jul 28, 2009 7:52 am Post subject: |
|
|
Disciple
Joined: 28 Nov 2001 Posts: 177 Location: USA
|
Hi,
I think you were missing some commands. I executed the commands below to set up SOAP over SSL; please check:
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n port -v 7900
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n sslProtocol -v SSL
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n keystoreType -v JKS
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n keystoreFile -v /MQHA/STGBRK01/brokercert/cacerts
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n keystorePass -v xxxxxxx
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n explicitlySetPortNumber -v 7900
And I did not run any commands for ComIbmJVMManager, it worked fine for me.
Thanks,
Chandra. _________________ Chandra,
IBM WebSphere MQ Certified. |
|
drjm |
Posted: Tue Jul 28, 2009 4:10 pm Post subject: |
|
|
Newbie
Joined: 25 Feb 2009 Posts: 8
|
Thanks Chandra for your reply.
Please let me know where you registered the truststore at the client side. I mean, is it in the broker or the execution group?
Thanks,
adrao |
|
drjm |
Posted: Wed Jul 29, 2009 9:45 am Post subject: |
|
|
Newbie
Joined: 25 Feb 2009 Posts: 8
|
My problem got solved.
Thanks chandra once again ... |
|
bijesh |
Posted: Sat Sep 12, 2009 1:43 pm Post subject: |
|
|
Acolyte
Joined: 30 Jan 2007 Posts: 66
|
Hi drjm,
Can you tell me how you resolved the problem?
Thanks,
Bb |
|
drjm |
Posted: Tue Sep 22, 2009 3:54 pm Post subject: |
|
|
Newbie
Joined: 25 Feb 2009 Posts: 8
|
Sorry for the delayed response. I have been stuck with my stuff in the project.
After I re-created the certificate and executed the commands mentioned by Chandra, the problem was resolved.
Code: |
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n port -v 7900
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n sslProtocol -v SSL
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n keystoreType -v JKS
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n keystoreFile -v /MQHA/STGBRK01/brokercert/cacerts
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n keystorePass -v xxxxxxx
mqsichangeproperties STGBRK01 -e default -o HTTPSConnector -n explicitlySetPortNumber -v 7900 |
Hope this will help. |
|