SSL connection with IntegrationNodeProxy

vasilev
Posted: Tue Jan 23, 2024 5:59 am
Hello,
I am getting an error while connecting to the Integration server with SSL:
PKIX path building failed - unable to find valid certification path to requested target.
Code:
String SSLKEY = "/usr/lib/jvm/default-java/lib/security/cacerts";
String brokerSSLPass = "..";
useSSL = true;
System.setProperty("javax.net.ssl.trustStore", SSLKEY);
System.setProperty("javax.net.ssl.trustStorePassword", brokerSSLPass);
IntegrationNodeProxy aceNode = null;
aceNode = new IntegrationNodeProxy(brokerhost, brokerport, brokeruser, brokerpass, useSSL);
IntegrationServerProxy aceServer = aceNode.getIntegrationServerByName(aceServerName);

Am I missing something?
Thank you

Regards
V.Vasilev

AndreasMartens
Posted: Thu Jan 25, 2024 5:49 am
Post subject: bit more information please!
A little more information would be good:
1. Can you confirm which JRE you're using?
2. Can you run with IBM_JAVA_OPTIONS="-Djavax.net.debug=ssl:handshake" (assuming you're using IBM Java 8)?
The main reason for the error is that the certificate exposed by the ACE Node hasn't been included in your cacerts file. Running:
Code:
keytool -list -keystore /usr/lib/jvm/default-java/lib/security/cacerts

would show if it's in there.
Does openssl give the expected cert?
Code:
openssl s_client -connect brokerhost:brokerport -prexit

vasilev
Posted: Mon Jan 29, 2024 2:25 am
Sorry for the late reply.
In the Docker image I have installed: OpenJDK 17.0.9, Debian 12.
I have imported the root in a new keystore and tried again.
This is the error:
Code:
Exception:com.ibm.integration.admin.proxy.IntegrationAdminException: Caught exception in getIntegrationServers Exception:java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)\n\tat com.ibm.integration.admin.proxy.IntegrationNodeProxy.getIntegrationServers(IntegrationNodeProxy.java:287)\n\tat com.ibm.integration.admin.proxy.IntegrationNodeProxy.getIntegrationServerNames(IntegrationNodeProxy.java:257)\n\tat com.ibm.integration.admin.proxy.IntegrationNodeProxy.getIntegrationServerByName(IntegrationNodeProxy.java:317)\n\tat ace_functions.DeployBar(ace_functions.java:46)\n\tat main(ace_main.java:90)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:568)\n\tat org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:61)\n"]}

SSL debug:
Code:
javax.net.ssl - SSLCipher.java:466|jdk.tls.keyLimits: AES/GCM/NoPadding KeyUpdate 2^37.. KETUPDATE - 137..

This is the code:
Code:
...
if (jsonargs.has("ssl")) {
    useSSL = true;
    System.setProperty("javax.net.ssl.trustStore", ".../truststore.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("jdk.tls.client.protocols", "TLSv1.3,TLSv1.1,TLSv1.2");
    System.setProperty("https.protocols", "TLSv1.3,TLSv1.1,TLSv1.2");
}
...
IntegrationServerProxy aceServer = aceNode.getIntegrationServerByName(aceServerName);

Regards
V.Vasilev

vasilev
Posted: Tue Jan 30, 2024 10:46 am
I have added the keystore as well. All is fine.
Code:
System.setProperty("javax.net.ssl.trustStore", "/truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStore", "/truststore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("jdk.tls.client.protocols", "TLSv1.2,TLSv1.3");
System.setProperty("https.protocols", "TLSv1.2,TLSv1.3");

Regards
V.Vasilev
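
A stand-alone check for the two errors seen in this thread, added here as an example and not code from either poster or from IBM. It loads the truststore file explicitly, because a store the JVM cannot load is one common cause of "Error constructing implementation" for the default SSLContext, then handshakes with the node so an untrusted chain surfaces as "PKIX path building failed". The class name TrustStoreCheck and the four command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class name), not code from the thread.
// Run: java TrustStoreCheck.java <truststore> <password> <host> <port>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: TrustStoreCheck <truststore> <password> <host> <port>");
            System.exit(2);
        }
        // Step 1: load the store directly. A missing file, wrong password or
        // unreadable format fails here with its own exception and message.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        int trusted = 0;
        for (String alias : Collections.list(ts.aliases())) {
            if (ts.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ts.getCertificate(alias);
                System.out.println("trusted: " + alias + " -> " + c.getSubjectX500Principal());
                trusted++;
            }
        }
        if (trusted == 0) System.err.println("warning: no trusted certificate entries in store");

        // Step 2: trust only this store, then handshake with the node.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the host name
            s.setSSLParameters(p);
            s.startHandshake(); // SSLHandshakeException here means the chain or name is not trusted
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("handshake OK (" + s.getSession().getProtocol() + "), server cert: "
                    + leaf.getSubjectX500Principal() + ", issuer: " + leaf.getIssuerX500Principal());
        }
    }
}
```

If step 1 succeeds but step 2 fails, compare the printed issuer of the certificate shown by `openssl s_client` with the trusted entries listed in step 1.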