| Author |
Message
|
| mqguy21 |
 Posted: Wed Jan 24, 2007 1:59 am Post subject: Java standalone and SSL - MQ Series6 support |
 |
|
Newbie
Joined: 24 Jan 2007
Posts: 3
|
I am able to run my standalone Java program by specifying trust store details etc from command line like java -Djavax.net.ssl.keyStore=C:\MYAPPJ\myappj.jks -Djavax.net.ssl.keyStorePassword=abc123 -Djavax.net.ssl.trustStore=C:\MYAPPJ\myappj.jks MyStandaloneTest SYSTEM.DEFAULT.LOCAL.QUEUE myqmgrname.
But I am NOT able to run my program by specifying trust details in java class either by
HashMap h1 = new HashMap();
h1.put("javax.net.ssl.keyStore","C:\\MYAPPJ\\myappj.jks");
h1.put("javax.net.ssl.keyStorePassword", "abc123");
h1.put("javax.net.ssl.trustStore","C:\\MYAPPJ\\myappj.jks");
h1.put("javax.net.ssl.trustStorePassword", "abc123");
Collection c = h1.entrySet();
MQEnvironment.sslCertStores = c ;
OR
System.setProperty( "javax.net.ssl.keyStore", "C:\\MYAPPJ\\myappj.jks");
System.setProperty( "javax.net.ssl.keyStorePassword", "abc123" );
System.setProperty( "javax.net.ssl.trustStore", "C:\\MYAPPJ\\myappj.jks");
System.setProperty( "javax.net.ssl.trustStorePassword", "abc123");
ERROR:
MQException: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 JSSE Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Please help me to resolve this.
_________________
MQ Guy |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed Jan 24, 2007 2:24 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
You probably need to apply the certificates as laid out in the Using Security manual.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqguy21 |
| Posted: Wed Jan 24, 2007 2:51 am Post subject: |
|
|
Newbie
Joined: 24 Jan 2007
Posts: 3
|
Thank you!!!
Can you please send me the URL link for Security manual.
_________________
MQ Guy |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jan 24, 2007 3:13 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqguy21 wrote: |
Thank you!!!
Can you please send me the URL link for Security manual. |
Hard to see how you've missed this on even a casual browse of the forum but:
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp
You'll find all the manuals in there.
Happy Reading! 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqguy21 |
| Posted: Wed Jan 24, 2007 5:32 am Post subject: |
|
|
Newbie
Joined: 24 Jan 2007
Posts: 3
|
Thanks for URL.
Tried but not able to find answer for it. Direct answer is much appreciated. Please find my standalone java class below.
| Code: |
import com.ibm.mq.*;
import java.util.HashMap;
import java.util.Collection;
public class PutSample
{
// usage: java PutSample qname qmgrname
//
public static void main(String args[])
{
try
{
// setup CLNTCONN channel details
MQEnvironment.hostname = "localhost";
MQEnvironment.port = 1420;
MQEnvironment.channel = "MY.SEC.SVRCONN.CHL1";
MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_RC4_128_MD5";
MQEnvironment.sslKeyStore="C:\\MYAPPJ\\myappj.jks";
//System.setProperty( "javax.net.ssl.keyStore", "C:\\MYAPPJ\\myappj.jks");
//System.setProperty( "javax.net.ssl.keyStorePassword", "abc123" );
//System.setProperty( "javax.net.ssl.trustStore", "C:\\MYAPPJ\\myappj.jks");
//System.setProperty( "javax.net.ssl.trustStorePassword", "abc123");
HashMap h1 = new HashMap();
h1.put("javax.net.ssl.keyStore","C:\\MYAPPJ\\myappj.jks");
h1.put("javax.net.ssl.keyStorePassword", "abc123");
h1.put("javax.net.ssl.trustStore","C:\\MYAPPJ\\myappj.jks");
h1.put("javax.net.ssl.trustStorePassword", "abc123");
Collection c = h1.entrySet();
MQEnvironment.sslCertStores = c ;
// connect
MQQueueManager qMgr = new MQQueueManager(args[1]);
System.out.println("qmgr construction successful");
// open
int OpenOptions = MQC.MQOO_OUTPUT;
MQQueue queue = qMgr.accessQueue(args[0], OpenOptions);
System.out.println("qmgr.accessQueue() successful");
// create message
MQMessage msg = new MQMessage();
msg.format = MQC.MQFMT_STRING;
msg.writeString("Hello, World!");
MQPutMessageOptions pmo = new MQPutMessageOptions();
// put
queue.put(msg, pmo);
System.out.println("queue.put() successful");
// cleanup (1)
queue.close();
// give user 30 seconds to run DISPLAY CHSTATUS
System.out.println("Sleeping for 30 seconds");
try
{
java.lang.Thread.sleep(30000);
}
catch (InterruptedException ie)
{
System.out.println("InterruptedException: " + ie);
}
// cleanup (2)
qMgr.disconnect();
System.out.println("Success");
}
catch (MQException ex)
{
System.out.println("MQException: " + ex);
if ( ex.reasonCode == MQException.MQRC_JSSE_ERROR )
System.out.println("JSSE Exception: " + ex.getCause());
}
catch (java.io.IOException ex)
{
System.out.println("IOException: " + ex);
}
}
} |
_________________
MQ Guy |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jan 24, 2007 5:39 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Which part of the section on MQ's SSL support ("Websphere MQ SSL Support" section in the manual) was unclear to you? 
This has step by step instructions for setup....
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| vennela |
| Posted: Wed Jan 24, 2007 6:11 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
Have you created the keyStore and TrustStore
How did you do it |
|
| Back to top |
|
|
| mvic |
| Posted: Thu Jan 25, 2007 5:31 pm Post subject: Re: Java standalone and SSL - MQ Series6 support |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| mqguy21 wrote: |
ERROR:
MQException: com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397 JSSE Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Please help me to resolve this. |
The java.lang.System.setProperty calls seem better to me.
But I can't see why your cmd line works but the in-program setting doesn't.
It says "No trusted certificate found". Are you running the program as the same user, on the same machine... are there any other differences at runtime between the failing and succeeding cases?
I note you have "trustStorePassword" in the program but not on the cmd line... significant? Perhaps try with it removed from the program.
What JRE/JDK are you running? |
|
| Back to top |
|
|
| hejunion@gmail.com |
| Posted: Mon Mar 05, 2007 9:37 pm Post subject: Object stored in MQEnvironment.sslCertStores |
|
|
Newbie
Joined: 05 Mar 2007
Posts: 1
|
You can not just assign the key-property pair to this.
MQEnvironment.sslCertStores is a Collection,
Need create ArrayList of CertStore objects defined for the trust store. |
|
| Back to top |
|
|
| rd123 |
| Posted: Sat Jul 05, 2008 8:44 am Post subject: |
|
|
Newbie
Joined: 05 Jul 2008
Posts: 1
|
| I am getting same error. the program does not seem to pick the ssl certs from repository. How did you get this working |
|
| Back to top |
|
|
|
|
