issue in connecting java client with MQ over SSL connection
pandeg
Posted: Fri May 13, 2016 10:52 am    Post subject: issue in connecting java client with MQ over SSL connection

Disciple

Joined: 21 Oct 2014
Posts: 195

Hi,

I tried to set up the connection between a Java client and WebSphere MQ over SSL, but I am getting an issue. I followed the link http://www.ibm.com/support/knowledgecenter/prodconn_1.0.0/com.ibm.scenarios.wmqwassecureonlinux.doc/topics/cfg_client_java.htm to set up the configuration and also followed all the prerequisite steps to create the key and certificate. I am trying to access MQ from the sample Java client provided on GitHub (https://github.com/ibm-messaging/mq-tls-ssl-wizard/blob/master/com.ibm.mq.ssl-wizard/src/tlswizard/samples/SSLSample.java). I compiled this Java class in Eclipse and am passing the arguments below in Eclipse when running this client:
10.120.99.54
1414
CRSCONN123
sampleMQ
SSL_RSA_WITH_3DES_EDE_CBC_SHA
"C:\Users\pandeg\Desktop\IBM\WebSphere MQ\javassl\javaClient.jks"
passw0rd

I got the error message below:

Quote:
com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'sampleMQ' with connection mode 'Client' and host name '10.120.99.54(1414)'. Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:608)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:236)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:451)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:7188)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6579)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:295)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6232)
at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueueConnectionFactory.java:115)
at com.starwood.ssljms.SSLSampleJMS.runSample(SSLSampleJMS.java:181)
at com.starwood.ssljms.SSLSampleJMS.main(SSLSampleJMS.java:140)
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:223)
... 8 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '10.120.99.54(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=ptdchxfcq89.std.gen/10.120.99.54:1414 (ptdchxfcq89.std.gen),4=SSLSocket.startHandshake,5=default]],3=10.120.99.54(1414),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2019)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1233)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:366)
... 7 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=ptdchxfcq89.std.gen/10.120.99.54:1414 (ptdchxfcq89.std.gen),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1024)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect(RemoteConnection.java:1154)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection(RemoteConnectionPool.java:353)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1607)
... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1009)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1004)
... 12 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 18 more


Not sure which step I missed in the configuration. My Java client is on one Windows machine and the Queue Manager is on a different Windows machine in the intranet.
hughson
Posted: Fri May 13, 2016 1:37 pm    Post subject: Re: issue in connecting java client with MQ over SSL connect

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

pandeg wrote:
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:223)
... 8 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '10.120.99.54(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=ptdchxfcq89.std.gen/10.120.99.54:1414 (ptdchxfcq89.std.gen),4=SSLSocket.startHandshake,5=default]],3=10.120.99.54(1414),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2019)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1233)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:366)
... 7 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=ptdchxfcq89.std.gen/10.120.99.54:1414 (ptdchxfcq89.std.gen),4=SSLSocket.startHandshake,5=default]

This suggests you did make contact with the queue manager, and that the queue manager rejected the handshake. So, you need to show us what the queue manager error log has to say about the problem too.

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
pandeg
Posted: Fri May 13, 2016 3:23 pm    Post subject: Re: issue in connecting java client with MQ over SSL connect

Disciple

Joined: 21 Oct 2014
Posts: 195

Quote:
This suggests you did make contact with the queue manager, and that the queue manager rejected the handshake. So, you need to show us what the queue manager error log has to say about the problem too.


Cheers
Morag

Thanks for showing me the direction. I found the log below in the Queue Manager log:

Quote:
AMQ9777: Channel was blocked

EXPLANATION:
The inbound channel 'SYSTEM.DEF.SVRCONN' was blocked from address
'10.120.140.18' because the active values of the channel matched a record
configured with USERSRC(NOACCESS). The active values of the channel were
'CLNTUSER()'.
ACTION:
Contact the systems administrator, who should examine the channel
authentication records to ensure that the correct settings have been
configured. The ALTER QMGR CHLAUTH switch is used to control whether channel
authentication records are used. The command DISPLAY CHLAUTH can be used to
query the channel authentication records.


AMQ9999: Channel 'SYSTEM.DEF.SVRCONN' to host '10.120.140.18 (10.120.140.1'
ended abnormally.

EXPLANATION:
The channel program running under process ID 3864(3668) for channel
'SYSTEM.DEF.SVRCONN' ended abnormally. The host name is '10.120.140.18
(10.120.140.1'; in some cases the host name cannot be determined and so is
shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
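The correlation asked for in this thread, as an added example that is not part of any post: a Python parser that pulls the AMQ9777 details out of queue manager error-log text, so a client-side reason 2397 can be traced to the CHLAUTH record that blocked the channel. The log text is a constructed, abridged copy of the entry quoted above; the function names and the optional severity letter after the message ID are assumptions.

```python
import re

# Constructed sample: abridged copy of the AMQ9777/AMQ9999 entries quoted in the thread.
SAMPLE_LOG = """\
AMQ9777: Channel was blocked

EXPLANATION:
The inbound channel 'SYSTEM.DEF.SVRCONN' was blocked from address
'10.120.140.18' because the active values of the channel matched a record
configured with USERSRC(NOACCESS). The active values of the channel were
'CLNTUSER()'.
ACTION:
Contact the systems administrator.

AMQ9999: Channel 'SYSTEM.DEF.SVRCONN' to host '10.120.140.18 (10.120.140.1'
ended abnormally.
"""

# Assumption: some log formats append a severity letter to the ID (e.g. AMQ9777E).
ENTRY_START = re.compile(r"^(AMQ\d{4})[A-Z]?: ", re.MULTILINE)
BLOCKED = re.compile(
    r"inbound channel '([^']+)' was blocked from address '([^']+)' because "
    r"the active values of the channel matched a record configured with "
    r"(\w+\([^)]*\))\. The active values of the channel were '([^']*)'"
)

def split_entries(log_text):
    """Yield (message_id, body) per AMQnnnn entry, with wrapped lines re-joined."""
    starts = list(ENTRY_START.finditer(log_text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        yield m.group(1), " ".join(log_text[m.start():end].split())

def chlauth_blocks(log_text):
    """Return one dict per AMQ9777 entry: channel, address, matched rule, active values."""
    blocks = []
    for msg_id, body in split_entries(log_text):
        m = BLOCKED.search(body) if msg_id == "AMQ9777" else None
        if m:
            blocks.append(dict(zip(("channel", "address", "rule", "active"), m.groups())))
    return blocks

def explain_2397(log_text, client_ip):
    """Attribute a client-side RC 2397 to a CHLAUTH block if the log records one."""
    for b in chlauth_blocks(log_text):
        if b["address"] == client_ip:
            return f"CHLAUTH block on {b['channel']} by {b['rule']}"
    return "no AMQ9777 for this address; look for TLS messages in the log instead"
```

The extracted channel, address and active values are the inputs an administrator needs when reviewing the matching record with DISPLAY CHLAUTH.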
hughson
Posted: Fri May 13, 2016 3:34 pm

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

Looks like you didn't quite finish following all the instructions on the page you first referenced: http://www.ibm.com/support/knowledgecenter/prodconn_1.0.0/com.ibm.scenarios.wmqwassecureonlinux.doc/topics/cfg_client_java.htm

IBM Knowledge Center wrote:
Before you begin


Make sure you follow the instructions in the link in the second bullet.

However, you will be pleased to know that if you have got this far through the connection that the CHLAUTH rules in the queue manager are blocking you, this means that your SSL/TLS handshake went well!

Cheers
Morag
pandeg
Posted: Thu May 19, 2016 11:24 am

Disciple

Joined: 21 Oct 2014
Posts: 195

Thanks, I am now able to connect to the Queue Manager using SSL. Since we are not using CHLAUTH, I disabled it.
kykb
Posted: Tue Apr 11, 2023 6:43 am

Newbie

Joined: 10 Apr 2023
Posts: 4

Thanks, I had a similar problem.