Java client & MQServer SSL with PKCS12 keystore format
wwwrakesh
Posted: Thu May 06, 2004 12:18 am

Novice

Joined: 13 Feb 2002
Posts: 10

Hi All,

I am trying to do SSL communication with Java client & MQServer on Windows NT and AIX. I have done this successfully with JKS format of keystore. But I am struggling with keystore of PKCS12 format. I created keystore of PKCS12 format using IBM's iKeyman tool & imported keys from certificates (demo certificates installed in IE from GlobalSign).
Also I used following JVM that I got from WebSphere installation.
***********************************************************
java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1)
Classic VM (build 1.3.1, J2RE 1.3.1 IBM Windows 32 build cn131-20021107 (JIT enabled: jitc))
********************************************************
After that I was able to read PKCS12 keystore with your programs (SSOKeyStore.java)
With this JVM when I executed program then I got runtime error message
********************************************************
Setting up MQ environment
Connecting Queue Manager
java.lang.RuntimeException: Invalid keystore format
at com.ibm.jsse.bb.engineInit(Unknown Source)
at javax.net.ssl.TrustManagerFactory.init(Unknown Source)
at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source)
at com.ibm.mq.SSLHelper.createSSLSocket(SSLHelper.java:112)
at com.ibm.mq.MQInternalCommunications.createSocketConnection(MQInternalCommunications.java:1128)
at com.ibm.mq.MQInternalCommunications.access$000(MQInternalCommunications.java:110)
at com.ibm.mq.MQInternalCommunications$1.run(MQInternalCommunications.java:444)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.mq.MQInternalCommunications.<init>(MQInternalCommunications.java:441)
at com.ibm.mq.MQSESSIONClient.MQCONN(MQSESSIONClient.java:1310)
at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:161)
at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:270)
at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:290)
at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:80)
at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:150)
at com.ibm.mq.MQQueueManager.obtainBaseMQQueueManager(MQQueueManager.java:682)
at com.ibm.mq.MQQueueManager.construct(MQQueueManager.java:620)
at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:393)
at MQPutGet.sendReceive(MQPutGet.java:75)
at MQPutGet.main(MQPutGet.java:188)
MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams
MQJE001: Completion Code 2, Reason 2059
An MQSeries error occurred : Completion code 2 Reason code 2059
error reason: null
finished
******************************************************
Today again then I ran my program with following JBuilder JDK
********************************
java version "1.4.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-b21)
Java HotSpot(TM) Client VM (build 1.4.1-b21, mixed mode)
************************
& I got usual error message on console
***********************************************
Setting up MQ environment
Connecting Queue Manager
MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams
MQJE001: Completion Code 2, Reason 2059
An MQSeries error occurred : Completion code 2 Reason code 2059
error reason:null
finished
*********************************************
I want to know why the "Invalid keystore format" problem is coming with PKCS12 format while there is no trouble with JKS format.

I am attaching trace of programs for both JVMs (IBM & SUN).

many thanks & regards
Rakesh
techno
Posted: Tue Aug 03, 2004 8:46 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

Could you solve the above one?
wwwrakesh
Posted: Tue Aug 03, 2004 9:01 am

Novice

Joined: 13 Feb 2002
Posts: 10

Yeah! I had changed java.security file entry (providers).
techno
Posted: Wed Aug 04, 2004 7:31 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

I would appreciate it if you could tell me what changes you have made to the providers.

Thanks
wwwrakesh
Posted: Wed Aug 04, 2004 7:38 am

Novice

Joined: 13 Feb 2002
Posts: 10

I have changed the provider list as below:
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.IBMJSSEProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
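A diagnostic for the provider order discussed above, as an added example that is not part of the original thread and not IBM code: it lists the installed security providers in preference order with the KeyStore types each one implements, then tries to open a keystore file as PKCS12 and as JKS. The class name KeyStoreProbe and its command-line argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;

// Added example (hypothetical class name): shows which providers serve which
// KeyStore types and which type actually opens a given keystore file.
public class KeyStoreProbe {

    // Try to open the file as the given keystore type; return a one-line result.
    static String tryLoad(String path, String type, char[] password) {
        try (InputStream in = new FileInputStream(path)) {
            // The first provider in preference order that offers this type is used.
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            return type + " via " + ks.getProvider().getName() + ": OK, aliases="
                    + Collections.list(ks.aliases());
        } catch (Exception e) {
            return type + ": FAILED (" + e + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("Default keystore type: " + KeyStore.getDefaultType());
        // Providers appear in the order set by security.provider.N in java.security.
        for (Provider p : Security.getProviders()) {
            StringBuilder types = new StringBuilder();
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    types.append(' ').append(s.getAlgorithm());
                }
            }
            System.out.println(p.getName() + " KeyStore types:" + types);
        }
        if (args.length < 1 || System.console() == null) {
            System.out.println("usage: java KeyStoreProbe <keystore-file>  (run from a terminal)");
            return;
        }
        char[] password = System.console().readPassword("Keystore password: ");
        for (String type : new String[] {"PKCS12", "JKS"}) {
            System.out.println(tryLoad(args[0], type, password));
        }
    }
}
```

On current JDKs the keystore.type.compat setting in java.security lets the JKS and PKCS12 loaders accept either format, so both attempts may report OK there.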
techno
Posted: Wed Aug 04, 2004 7:56 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

Here is my problem. I appreciate any help you can give:

Java client works fine when connected to qmgr without SSL.

With SSL, RC 2059 is thrown.

MQ JMS Client is on Win2K
Have jdk1.3 with JSSE installed (added JSSE jars to ext dir).
C:\Version2\admin>java -version
java version "1.3.1_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_11-b02)
Java HotSpot(TM) Client VM (build 1.3.1_11-b02, mixed mode)



MQ Qmgr is on HP-UX (WebSphere MQ)
$ mqver
Name: WebSphere MQ
Version: 530.5 CSD05
CMVC level: p530-05-L030926
BuildType: IKAP - (Production)
$





Channel and Qmgr defs:

1 : dis qmgr
MQ8408: Display Queue Manager details.
DESCR( ) DEADQ(DHOCLM2.DEAD)
DEFXMITQ( ) CHADEXIT( )
CLWLEXIT( ) CLWLDATA( )
REPOS( ) REPOSNL( )
SSLKEYR(/home/mqm/ver2/ssl/key) SSLCRLNL( )
SSLCRYP( ) COMMANDQ(SYSTEM.ADMIN.COMMAND.QUEUE)
QMNAME(DHOCLM2) CRDATE(2003-12-16)
CRTIME(14.44.56) ALTDATE(2004-07-29)
ALTTIME(13.41.40) QMID(DHOCLM2_2003-12-16_14.44.56)
TRIGINT(999999999) MAXHANDS(256)
MAXUMSGS(10000) AUTHOREV(DISABLED)
INHIBTEV(DISABLED) LOCALEV(DISABLED)
REMOTEEV(DISABLED) PERFMEV(ENABLED)
STRSTPEV(ENABLED) CHAD(DISABLED)
CHADEV(DISABLED) CLWLLEN(100)
MAXMSGL(26214400) CCSID(1051)
MAXPRTY(9) CMDLEVEL(530)
PLATFORM(UNIX) SYNCPT
DISTL(YES)

2 : dis chl(cli*) all
AMQ8414: Display Channel details.
CHANNEL(CLIDHOCLM2) CHLTYPE(SVRCONN)
TRPTYPE(TCP) DESCR( )
SCYEXIT( ) MAXMSGL(4194304)
SCYDATA( ) HBINT(300)
SSLCIPH(RC4_MD5_US) SSLCAUTH(OPTIONAL)
KAINT(AUTO) MCAUSER( )
ALTDATE(2004-08-02) ALTTIME(09.40.05)
SSLPEER()
SENDEXIT( )
RCVEXIT( )
SENDDATA( )
RCVDATA( )

// This may not be needed when Java client is used.
AMQ8414: Display Channel details.
CHANNEL(CLIDHOCLM2) CHLTYPE(CLNTCONN)
TRPTYPE(TCP) DESCR( )
QMNAME( ) MODENAME( )
TPNAME( ) SCYEXIT( )
MAXMSGL(4194304) SCYDATA( )
USERID( ) PASSWORD( )
CONNAME(RDASR1(1414)) HBINT(300)
SSLCIPH(RC4_MD5_US) LOCLADDR( )
KAINT(AUTO) ALTDATE(2004-08-02)
ALTTIME(09.41.37) SSLPEER()
SENDEXIT( )
RCVEXIT( )
SENDDATA( )
RCVDATA( )


Java Code:
Added following extra lines to my existing code
// Cipher suite name read from configuration: SSL_RSA_WITH_RC4_128_MD5
String sSLCipherSuite = ecfConfig.getString("CLIENTMQ.SSLCIPHER");
// ... (existing code omitted in the post)
((MQQueueConnectionFactory) qConnectionFactory).setSSLCipherSuite(sSLCipherSuite);


Part of JMS Trace:

09:12:03:[1091549523551] Thread: Thread-0 <== SSLHelper::createSSLSocket() exit
09:12:03:[1091549523551] Thread: Thread-0 Class: MQSESSIONClient MQException occurred whilst connecting
09:12:03:[1091549523551] Thread: Thread-0 <== MQSESSIONClient::MQCONN() exit
09:12:03:[1091549523551] Thread: Thread-0 <== MQSESSIONClient::MQCONNX() exit
09:12:03:[1091549523551] Thread: Thread-0 <== MQSESSIONClient::spiConnect() exit
09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQManagedConnectionJ11@706dc3 <== MQManagedConnection constructor (via exception)() exit
09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQManagedConnectionJ11@706dc3 Flowing exception message from pCause
09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams ==> MQException constructor(cc, rc, source, MQException)() entry

09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams cc = 2
09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams rc = 2059

09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams source = static method in SSL code
09:12:03:[1091549523551] Thread: Thread-0, Object: com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059
MQJE013: Error accessing socket streams msgId = 54


-------------------------------------------------------------------------------

I have another question. How does the client Java app know how to authenticate the qmgr? I added the self-signed certificate (got from HP-UX) to the keystore on Windows. How does the client know to search for this key store? Do I need to specify the mqsslkeyr environment property? Anyway, I did that. No luck.
-------------------------------------------------------------------------------
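On the question of how a Java client locates its trust store, an added example that is not part of the original thread and not IBM code: it prints the standard JSSE system properties that SSLSocketFactory.getDefault() reads, builds a socket factory from an explicitly typed trust store instead, and checks whether the cipher suite named in the post is offered by the JVM. The class name TrustStoreCheck and its arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): shows where JSSE looks for the trust
// store by default and builds a socket factory from an explicitly typed store.
public class TrustStoreCheck {

    // Build a factory that trusts only the certificates in the given store.
    static SSLSocketFactory factoryFor(String path, String type, char[] password)
            throws Exception {
        KeyStore trust = KeyStore.getInstance(type); // e.g. "PKCS12" or "JKS"
        try (InputStream in = new FileInputStream(path)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: the channel in the post has SSLCAUTH(OPTIONAL).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // SSLSocketFactory.getDefault() takes its stores from these properties;
        // a store whose format differs from the declared type fails to load.
        for (String key : new String[] {"javax.net.ssl.trustStore",
                "javax.net.ssl.trustStoreType", "javax.net.ssl.keyStore",
                "javax.net.ssl.keyStoreType"}) {
            System.out.println(key + " = " + System.getProperty(key, "(not set)"));
        }
        if (args.length < 2 || System.console() == null) {
            System.out.println("usage: java TrustStoreCheck <truststore> <PKCS12|JKS>");
            return;
        }
        char[] pw = System.console().readPassword("Trust store password: ");
        SSLSocketFactory sf = factoryFor(args[0], args[1], pw);
        String suite = "SSL_RSA_WITH_RC4_128_MD5"; // suite name taken from the post
        boolean supported = Arrays.asList(sf.getSupportedCipherSuites()).contains(suite);
        boolean enabled = Arrays.asList(sf.getDefaultCipherSuites()).contains(suite);
        System.out.println(suite + " supported=" + supported + " enabledByDefault=" + enabled);
    }
}
```

Current JDKs list RC4 under jdk.tls.disabledAlgorithms in java.security, so this suite is normally unavailable there.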