| Author |
Message
|
| Umarul Farooq |
 Posted: Tue Feb 14, 2012 6:30 am Post subject: Could not establish SSL Connection |
 |
|
Novice
Joined: 15 Jan 2012
Posts: 14
|
Hi All,
I am getting error while establish the SSL connection using Java client.
Below are the steps i did in Server and client side
I. Server Side.
a. Created queue manager certificate KeyStores (.kdb)
b. Created queue manager self-signed certificates
c. Extracted a self-signed certificate
d. Altered Queue Manager SSLKEYR and SSLEV properties
ALTER QMGR SSLKEYR('<location>') SSLEV(ENABLED)
REFRESH SECURITY TYPE(SSL)
e. Configured key algorithms type in Channel
alter chl('<ChannelName>') chltype(svrconn) sslciph(triple_des_sha_us) sslcauth(optional)
II. Client Side
a. Created TrustStore (.jks)
b. Added MQ Manager Certificate into the Client's Trust store
c. Added below code in the client Java programe
System.setProperty("javax.net.ssl.trustStore","<location>");
System.setProperty("javax.net.ssl.trustStorePassword","<pwd>");
MQEnvironment.sslCipherSuite ="SSL_RSA_WITH_3DES_EDE_CBC_SHA";
When i run client programe, i am getting below error
I. MQ Manager error Log
---- amqrmrsa.c : 459 --------------------------------------------------------
02/14/2012 07:01:12 PM - Process(27765.22) User(mqm) Program(amqrmppa)
AMQ9220: The communications program could not be loaded.
EXPLANATION:
The attempt to load the library or procedure '????' failed with error code 0.
ACTION:
Either the library must be installed on the system or the environment changed
to allow the program to locate it.
----- amqrssqa.c : 1044 -------------------------------------------------------
02/14/2012 07:01:12 PM - Process(27765.22) User(mqm) Program(amqrmppa)
AMQ9220: The GSKitSSL communications program could not be loaded.
EXPLANATION:
The attempt to load the GSKitSSL library or procedure 'amqccgsk_r' failed with
error code 536895861.
ACTION:
Either the library must be installed on the system or the environment changed
to allow the program to locate it.
II. Java Exception (client prg)
MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE056: Initial negotiation failure
MQJE001: Completion Code 2, Reason 2397
com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397
Thanks in advance for your advices.[/u] |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Feb 14, 2012 7:05 am Post subject: Re: Could not establish SSL Connection |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Umarul Farooq wrote: |
---- amqrmrsa.c : 459 --------------------------------------------------------
02/14/2012 07:01:12 PM - Process(27765.22) User(mqm) Program(amqrmppa)
AMQ9220: The communications program could not be loaded.
EXPLANATION:
The attempt to load the library or procedure '????' failed with error code 0.
ACTION:
Either the library must be installed on the system or the environment changed
to allow the program to locate it.
----- amqrssqa.c : 1044 -------------------------------------------------------
02/14/2012 07:01:12 PM - Process(27765.22) User(mqm) Program(amqrmppa)
AMQ9220: The GSKitSSL communications program could not be loaded.
EXPLANATION:
The attempt to load the GSKitSSL library or procedure 'amqccgsk_r' failed with
error code 536895861.
ACTION:
Either the library must be installed on the system or the environment changed
to allow the program to locate it.[/u] |
I'm going to go out on a limb here, and speculate the the library path or environment variable(s) do not include the GSK files.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Umarul Farooq |
| Posted: Tue Feb 14, 2012 7:23 am Post subject: |
|
|
Novice
Joined: 15 Jan 2012
Posts: 14
|
Thank you Bruce ...
I am sorry, i did not get your message. Could you please let me know the fix for this. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Feb 14, 2012 7:26 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You did not install the IBM GSKit on the client machine, or did not set the necessary environment variables to make it available to your java code.
Or you are using a JVM that does not include the IBM GSKit.
You should review the Info center topics on using SSL from within Java client applications. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Feb 14, 2012 7:27 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Umarul Farooq wrote: |
| I am sorry, i did not get your message. Could you please let me know the fix for this. |
IMHO the message was that the GSK files are missing from the library path being searched to find them, and the fix would be to add them to that path by an appropriate means. Or install them if they're missing.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 14, 2012 7:32 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Is that an echo I hear?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Feb 14, 2012 7:39 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| bruce2359 wrote: |
| Is that an echo I hear? |
Vitor is still not quite as quick on the draw. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Feb 14, 2012 7:55 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| bruce2359 wrote: |
| Is that an echo I hear? |
Vitor is still not quite as quick on the draw. |
And is trying to cut back on 
My blood pressure is better but my reaction time is slowing.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
