| Author |
Message
|
| Shakthi Prian |
 Posted: Tue Sep 18, 2012 1:49 am Post subject: how to connect MQ by ssl enabled server connection channel? |
 |
|
Newbie
Joined: 18 Sep 2012
Posts: 2
|
I get exception "com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2393'" in the below code. My requirement is to connect QM using a ssl server-connection channel. Client authentication is not required.
MQEnvironment.hostname="my host name";
MQEnvironment.channel="my server connection channel";
MQEnvironment.port=Integer.parseInt("1414");
MQEnvironment.sslFipsRequired=true;
MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_RC4_128_MD5";//RC4_MD5_US
MQQueueManager qMgr=null;
try{
qMgr = new MQQueueManager("apm_qm");//exception occurs here
}
Exception:
com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2393'.
at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:235)
at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:505)
at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:547)
at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:95)
at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:182)
at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:869)
at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:761)
at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:712)
at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:171)
at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:597)
at com.adventnet.appmanager.server.framework.mqseries.MQSeriesDataCollector.main(MQSeriesDataCollector.java:47)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'shakthi-0546(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393],3=shakthi
-0546(1414),5=RemoteTCPConnection.chooseSocketFactory]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1809)
at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:915)
at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:224)
... 10 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2023)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1604)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:618)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:935)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect(RemoteConnection.java:1075)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection(RemoteConnectionPool.java:338)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1488)
... 12 more |
|
| Back to top |
|
 |
| zpat |
| Posted: Tue Sep 18, 2012 2:41 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Sep 18, 2012 12:16 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Have you verified that your cipher suite and fips settings don't clash?
Is your key length >=2048 (fips requirement) 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Shakthi Prian |
| Posted: Wed Sep 19, 2012 1:39 am Post subject: |
|
|
Newbie
Joined: 18 Sep 2012
Posts: 2
|
| Some more clarification needed. I am using is 7.0. My aim is to get queue details using PCFMessageAgent in our product (a kind of monitoring tool). I dont have much knowledge in MQ (Just know to add a QM and create a server connection channel) And my need is like ssl for a server connection channel is enabled (without a client authentication) and to get the queue status. My question is where it is possible to get queue status details of ssl enabled server connection channel (right click on server connection channel -> properties -> ssl -> NULL_SHA) without client authentication? |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Sep 19, 2012 2:24 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
The QM must have a certificate. The client must have the signer cert for this server (aka "personal") cert.
You will get encryption without using client authentication.
In other words, the client always validates the QM cert, but it is optional to do the reverse. |
|
| Back to top |
|
|
|
|
