| Author | Message | 
		
		  | sebastianhirt | 
			  
				|  Posted: Fri May 25, 2007 3:47 am    Post subject: SSL, Java and the Channel Tab |   |  | 
		
		  | Yatiri
 
 
 Joined: 07 Jun 2004
 Posts: 620
 Location: Germany
 
 | 
			  
				| Hi all, 
 I am currently writing a little app (Java 1.4, Base Classes for MQ V6.0.0.0) that is supposed to client connect to a queue manager, do some stuff and disconnect again. The entire thing is supposed to use a channel tab and SSL.
 
 Now... My SSL setup is just fine. rfhutilc connects to the queue manager just fine using ssl and channel tab. It is just my java app that doesn't. Any idea?
 
 This code:
 
 
 
   
	| Code: |  
	| System.setProperty( "javax.net.ssl.keyStore", "C:\\mqs\\key.kdb");
 System.setProperty( "javax.net.ssl.keyStorePassword", "123456");
 chanTab = new URL("file:///C:/Program Files/IBM/WebSphere MQ/Qmgrs/TEST/@ipcc/AMQCLCHL.TAB");
 qm = new MQQueueManager("TEST", chanTab);
 System.out.println(qm.isConnected);
 
 |  
 throws a 2059 ( MQRC_Q_MGR_NOT_AVAILABLE).
 
 Nothing exciting in the logs.
 
 cheers & Thanks in advance
 
 Sebastian
 |  | 
		
		
		  |  | 
		
		  | marcin.kasinski | 
			  
				|  Posted: Fri May 25, 2007 5:07 am    Post subject: Re: SSL, Java and the Channel Tab |   |  | 
		
		  | Sentinel
 
 
 Joined: 21 Dec 2004
 Posts: 850
 Location: Poland / Warsaw
 
 | 
			  
				| Hi, I see here 2 things:
 
 - is "file:///C:/Program Files/IBM/WebSphere MQ/Qmgrs/TEST/@ipcc/AMQCLCHL.TAB" correct URL ( space )?
 
 I think it causes 2059 error or QMGRs from client tab are not available.
 
 Another thing :
 
 - in your JAVA App you have to use JKS keystore.
 
 It won't work.
 _________________
 Marcin
 |  | 
		
		
		  |  | 
		
		  | sebastianhirt | 
			  
				|  Posted: Fri May 25, 2007 5:40 am    Post subject: Re: SSL, Java and the Channel Tab |   |  | 
		
		  | Yatiri
 
 
 Joined: 07 Jun 2004
 Posts: 620
 Location: Germany
 
 | 
			  
				| 
   
	| marcin.kasinski wrote: |  
	| Hi, I see here 2 things:
 
 - is "file:///C:/Program Files/IBM/WebSphere MQ/Qmgrs/TEST/@ipcc/AMQCLCHL.TAB" correct URL ( space )?
 
 I think it causes 2059 error or QMGRs from client tab are not available.
 
 |  
 Absolutely sure it is. As I said... Other applications work with exactly this channel tab.
 
 
 
   
	| Quote: |  
	| Another thing :
 
 - in your JAVA App you have to use JKS keystore.
 
 It won't work.
 |  
 
 
   
	| Code: |  
	| javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target |  
 It changed its mind. Am getting another exception now.
 
 Where is this class supposed to come from?
 
 javax.net.ssl.keyStore
 
 I found that syntax in some sample code. But it's not in my Version of JSSE.jar. Any thoughts?
 |  | 
		
		
		  |  | 
		
		  | marcin.kasinski | 
			  
				|  Posted: Fri May 25, 2007 5:54 am    Post subject: Re: SSL, Java and the Channel Tab |   |  | 
		
		  | Sentinel
 
 
 Joined: 21 Dec 2004
 Posts: 850
 Location: Poland / Warsaw
 
 | 
			  
				| I suggest testing it gradually. 
 1. Java app connection to QMGR.
 2. Java app connection to QMGR with SSL or client definition table.
 3. Java app connection to QMGR with SSL and client definition table.
 
 And again,
 With Java you have to use a JKS, not a KDB, keystore.
 It is a totally different format.
 
 KDB keystores -> QMGR
 JKS keystores -> JAVA app
 _________________
 Marcin
 |  | 
		
		
		  |  | 
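Added example, not part of any post in this thread: a pre-flight check for the two failures seen above, a store that is not in JKS format and a store whose certificates do not lead to the queue manager's certificate ("PKIX path building failed"). The class name `JksPreflight` and the command-line arguments are assumptions made for illustration.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Added example (hypothetical helper): inspect the file named in javax.net.ssl.keyStore / trustStore.
public class JksPreflight {
    private static final int JKS_MAGIC = 0xFEEDFEED; // first four bytes of every JKS file
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java JksPreflight <store-file> <store-password>");
            System.exit(2);
        }
        // 1. Format check: a .kdb store does not start with the JKS magic number.
        DataInputStream head = new DataInputStream(new FileInputStream(args[0]));
        int magic;
        try { magic = head.readInt(); } finally { head.close(); }
        if (magic != JKS_MAGIC) {
            System.err.println(args[0] + " is not a JKS store (magic 0x"
                    + Integer.toHexString(magic) + "); JSSE cannot load it as type JKS");
            System.exit(1);
        }
        // 2. Load it as type JKS and list every entry with subject, issuer and expiry.
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(args[0]);
        try { ks.load(in, args[1].toCharArray()); } finally { in.close(); }

        int keys = 0, trusted = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keys++; else trusted++;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println((isKey ? "key     " : "trusted ") + alias
                        + "  subject=" + x.getSubjectX500Principal().getName()
                        + "  issuer=" + x.getIssuerX500Principal().getName()
                        + "  notAfter=" + x.getNotAfter());
            }
        }
        // If no listed subject is the queue manager's certificate or its issuer,
        // the handshake ends in "PKIX path building failed".
        System.out.println(keys + " key entries, " + trusted + " trusted certificate entries");
    }
}
```

Run it against the same file the application passes as `javax.net.ssl.keyStore` or `javax.net.ssl.trustStore`; a non-zero exit code means the file is not a JKS store.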
		
		  | marcin.kasinski | 
			  
				|  Posted: Fri May 25, 2007 5:58 am    Post subject: Re: SSL, Java and the Channel Tab |   |  | 
		
		  | Sentinel
 
 
 Joined: 21 Dec 2004
 Posts: 850
 Location: Poland / Warsaw
 
 | 
			  
				| Another thing. 
 Don't forget to set SSLCIPH on QMGR and equivalent sslCipherSuite in your application.
 _________________
 Marcin
 |  | 
		
		
		  |  | 
		
		  | sebastianhirt | 
			  
				|  Posted: Mon May 28, 2007 11:48 pm    Post subject: |   |  | 
		
		  | Yatiri
 
 
 Joined: 07 Jun 2004
 Posts: 620
 Location: Germany
 
 | 
			  
				| Hihi   
 Worked on Saturday till 3 in the night on it... Didn't work.
 Worked today on it for 5 minutes and it does... Really interesting...
 
 For all interested, here is the source code:
 
 
 
   
	| Code: |  
	| import com.ibm.mq.*;

 public class SSL_SAMPLE {

     public static void main(String[] args) {

         // JSSE reads JKS stores; the same file serves as key store and trust store here.
         System.setProperty("javax.net.ssl.keyStore", "C:\\mqs\\key.jks");
         System.setProperty("javax.net.ssl.keyStorePassword", "123456");
         System.setProperty("javax.net.ssl.trustStore", "C:\\mqs\\key.jks");
         System.setProperty("javax.net.ssl.trustStorePassword", "123456");

         // Has to correspond to the SSLCIPH set on the channel.
         // The NULL suites authenticate and integrity-check the traffic but do not encrypt it.
         MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_NULL_MD5";
         MQEnvironment.hostname = "localhost";
         MQEnvironment.port = 9999;
         MQEnvironment.channel = "TEST";

         MQQueueManager qm = null;

         try {
             qm = new MQQueueManager("TEST");
             System.out.println(qm.isConnected);
             // Keep the connection open (value in milliseconds).
             Thread.sleep(1541111244);
         } catch (MQException e) {
             e.printStackTrace();
         } catch (InterruptedException e) {
             e.printStackTrace();
         } finally {
             // qm is still null when the connect itself failed.
             if (qm != null) {
                 try {
                     qm.disconnect();
                 } catch (MQException e) {
                     // Nothing left to clean up if the disconnect fails.
                 }
             }
         }
     }
 }
 |  
 Still using the same certificates and so on. Now all that is left to do is to change MQEnvironment back to use the channel tab.
 |  | 
		
		
		  |  | 
		
		  | marcin.kasinski | 
			  
				|  Posted: Tue May 29, 2007 12:22 am    Post subject: |   |  | 
		
		  | Sentinel
 
 
 Joined: 21 Dec 2004
 Posts: 850
 Location: Poland / Warsaw
 
 | 
			  
				| 
   
	| sebastianhirt wrote: |  
	| Hihi   
 Worked on Saturday till 3 in the night on it... Didn't work.
 Worked today on it for 5 minutes and it does... Really interesting...
 
 |  
 It was 3 in the night, so I suppose you were sleepy.
  _________________
 Marcin
 |  | 
		
		
		  |  | 
		
		  | sebastianhirt | 
			  
				|  Posted: Tue May 29, 2007 1:17 am    Post subject: |   |  | 
		
		  | Yatiri
 
 
 Joined: 07 Jun 2004
 Posts: 620
 Location: Germany
 
 | 
			  
				| I certainly was. And even worse... I had to get up at 7:30 the next morning.  |  | 
		
		
		  |  | 
		
		  |  |