Failing connection between client and Server with SSL[RSLVD] |
Author |
Message
|
vsridhara |
Posted: Mon Jan 13, 2014 9:04 pm Post subject: Failing connection between client and Server with SSL[RSLVD] |
|
|
Novice
Joined: 12 Feb 2009 Posts: 10
|
Hi Experts,
We have been struggling with the following scenario:
MQ Server 7.1: Windows 7 64bit, listening on 1414 and Firewall rule for Inbound connections
  Server connection channel, and Channel Authentication record to allow "n.*" addresses.
  Queue with appropriate authorities for the user "myuser"
  SSL Cipher Spec : NULL_MD5
  SSL Authentication : Required
  MCA User ID : myuser
  Key database : key.kdb, contains
    Queue Manager certificate (Key size 2048) (ibmwebspheremq<QMName>)
    signed certificate for myuser (Key size 2048) (ibmwebspheremq<myuser>)
MQ Client 7.1: Windows7 64bit, Java MQI program
  Key database : client.jks, contains
    User certificate (Key size 2048) (ibmwebspheremq<myuser>)
    signed certificate for QueueManager (Key size 2048) (ibmwebspheremq<QMName>)
and the program using the following code.
Code: |
System.setProperty("javax.net.ssl.trustStore", "C:\\MQCLIENTCERT\\client.jks");
System.setProperty("javax.net.ssl.keyStore", "C:\\MQCLIENTCERT\\client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "mypassword");
MQEnvironment.sslCipherSuite="SSL_RSA_WITH_NULL_MD5";
MQEnvironment.sslFipsRequired=false;
|
No errors in the AMQERR* files on the QueueManager.
With all the setup above, it is failing pathetically with the following error. Please help.
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'n.nnn.nnn.nnn(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=n.nnn.nnn.nnn/n.nnn.nnn.nnn:1414 (n.nnn.nnn.nnn),4=SSLSocket.createSocket,5=default]],3=n.nnn.nnn.nnn(1414),5=RemoteTCPConnection.makeSocketSecure]
Connection to QM(QueueManager) failed CompCode=2 ReasonCode=2397
Last edited by vsridhara on Tue Jan 14, 2014 3:07 am; edited 1 time in total |
|
fjb_saper |
Posted: Mon Jan 13, 2014 9:55 pm Post subject: Re: Failing connection between client and Server with SSL |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
vsridhara wrote: |
Code: |
MQEnvironment.sslCipherSuite="SSL_RSA_WITH_NULL_MD5";
MQEnvironment.sslFipsRequired=false;
[1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ]
|
|
See above the relevant portion of your response.
Look up in a java tutorial on how to fix this (SSLContext Default implementation not found)
What is the value of your JAVA_HOME environment variable??
Have fun
_________________ MQ & Broker admin |
|
vsridhara |
Posted: Mon Jan 13, 2014 10:23 pm Post subject: |
|
|
Novice
Joined: 12 Feb 2009 Posts: 10
|
1) JAVA_HOME is set to mostly the PATH variable content
2) From the support pages of IBM on "Default SSL implementation not found",
http://www-01.ibm.com/support/docview.wss?uid=swg21614686
It says "Specify the correct name and location for the client keystore." .. But I am not sure where I am going wrong! |
|
zpat |
Posted: Tue Jan 14, 2014 12:55 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
Self-signed certs are a bad idea.
Use a Certificate Authority to issue certs and then get the client to hold the QM signer cert - not the QM cert (and vice-versa).
_________________ Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
jcv |
Posted: Tue Jan 14, 2014 1:08 am Post subject: |
|
|
 Chevalier
Joined: 07 May 2007 Posts: 411 Location: Zagreb
|
If you don't have enough information, and didn't already try that, you can set:
javax.net.debug=ssl
... although I guess you did get that stack trace by using debug. |
|
vsridhara |
Posted: Tue Jan 14, 2014 3:06 am Post subject: |
|
|
Novice
Joined: 12 Feb 2009 Posts: 10
|
Guys, thank you very much for your time and response. It is resolved now. One-letter typo in the "client.jks" file, which I overlooked ... |
|
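An added example, not part of the original thread: a preflight check that loads the stores named by the javax.net.ssl.* properties directly, so a mistyped path or a wrong password is reported by property name before the MQ client attempts the handshake. The class name SslStorePreflight and its check method are hypothetical; the path and password defaults are the values from the first post.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.Collections;

// Added example (not from the thread): load the stores named by the JSSE
// system properties directly, so a bad path or password is reported as such.
public class SslStorePreflight {

    // Returns null if the store loads, otherwise a description of the problem.
    static String check(String pathProp, String passwordProp) {
        String location = System.getProperty(pathProp);
        if (location == null) return pathProp + " is not set";
        Path path = Paths.get(location).toAbsolutePath();
        if (!Files.isRegularFile(path) || !Files.isReadable(path))
            return pathProp + " -> missing or unreadable file: " + path;
        String type = System.getProperty(pathProp + "Type", KeyStore.getDefaultType());
        String password = System.getProperty(passwordProp);
        try (InputStream in = Files.newInputStream(path)) {
            KeyStore store = KeyStore.getInstance(type);
            // A null password skips the integrity check; a wrong one fails here.
            store.load(in, password == null ? null : password.toCharArray());
            for (String alias : Collections.list(store.aliases()))
                System.out.println(pathProp + ": " + alias
                        + (store.isKeyEntry(alias) ? " (key entry)" : " (trusted certificate entry)"));
            return null;
        } catch (Exception e) {
            return pathProp + " -> cannot load " + path + ": " + e;
        }
    }

    public static void main(String[] args) {
        // Values from the original post, used only when no -D overrides are given.
        String jks = "C:\\MQCLIENTCERT\\client.jks";
        if (System.getProperty("javax.net.ssl.trustStore") == null)
            System.setProperty("javax.net.ssl.trustStore", jks);
        if (System.getProperty("javax.net.ssl.keyStore") == null) {
            System.setProperty("javax.net.ssl.keyStore", jks);
            System.setProperty("javax.net.ssl.keyStorePassword", "mypassword");
        }
        String[] problems = {
            check("javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword"),
            check("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword") };
        int failed = 0;
        for (String p : problems)
            if (p != null) { System.err.println("FAIL " + p); failed++; }
        System.exit(failed == 0 ? 0 : 1);
    }
}
```

The alias listing also shows which entries hold a private key and which are only trusted certificates, which is the distinction zpat's reply draws between holding a signer cert and holding the peer's own cert.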