GeneRK4 |
Posted: Wed Oct 30, 2013 8:05 pm Post subject: SSL -One way not working |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
Hi...
I am trying to implement one-way SSL in this way:
1) Created two execution groups
2) Deployed Client flow: MQInput node --> SOAPRequest node --> MQOutput node
3) Deployed Server flow: SOAPInput node --> Compute node --> SOAPReply node
4) I have configured keystore in Client EG and truststore in Server EG to implement one-way SSL
Setting SSL @ Server with the below commands (KeyStore):
mqsichangeproperties RadBroker1 -e default -o ComIbmJVMManager -n keystoreFile -v C:\Users\Radha\keystore.jks
mqsichangeproperties RadBroker1 -e default -o ComIbmJVMManager -n keystorePass -v default_nameKeystore::mypass
mqsichangeproperties RadBroker1 -e default -o HTTPSConnector -n sslProtocol -v SSL
Setting SSL @ Client with the below commands (Truststore):
mqsichangeproperties RadBroker1 -e TestSSL -o ComIbmJVMManager -n truststoreFile -v C:\Users\Radha\Truststore.jks
mqsichangeproperties RadBroker1 -e TestSSL -o ComIbmJVMManager -n truststorePass -v TestSSLnameTruststore::ab1234
mqsichangeproperties RadBroker1 -e default -o HTTPSConnector -n sslProtocol -v SSL
While testing, I am getting the below error:
See the following messages for information pertaining to this error.
2013-10-31 08:49:59.806941 8040 RecoverableException BIP3152S: Socket error detected whilst invoking Web service located at host 'localhost', port 7880, path '/ICalculator'.
This may be a transient error, such as a server not responding, or a symptom of an invalid hostname or port number.
Check that the hostname and port number are valid, and point to a functioning Web service.
2013-10-31 08:49:59.806972 8040 SocketException BIP3165S: An error occurred whilst performing an SSL socket operation. Operation: 'connect'. Error Text: 'java.lang.NullPointerException'.
The HTTPS port is set at execution group level :-
explicitlySetPortNumber='7880'
The url used at SOAPRequest node is https://localhost:7880/ICalculator
I am not sure why a NullPointerException is received. I think it's not even trying to hit the service to make the SSL handshake.
I have been trying this for the past 1 week... Not able to solve it. Please help. |
GeneRK4 |
Posted: Thu Oct 31, 2013 4:35 pm Post subject: |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
Any help on this please..? |
Esa |
Posted: Thu Oct 31, 2013 10:47 pm Post subject: |
|
|
 Grand Master
Joined: 22 May 2008 Posts: 1387 Location: Finland
|
Your story doesn't tell if you ever put any certificates in the keystores.
Have you run netstat to determine if any process is listening to port 7880? |
GeneRK4 |
Posted: Sat Nov 02, 2013 7:45 pm Post subject: |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
Yes, I did.
I used the below commands:
To create the self-signed certificate
keytool -genkey -alias selfsigned1 -keyalg RSA -keypass mypass -keystore keystore.jks -storepass ab1234
Exporting certificate to keystore
keytool -export -file myselfsigned.cert -keypass mypass -keystore keystore.jks -storepass ab1234 -alias selfsigned1
Importing certificate to Trust store
keytool -importcert -alias selfsigned1 -file myselfsigned.cert -keystore Truststore.jks
Please advise whether I am missing something... |
fjb_saper |
Posted: Sun Nov 03, 2013 3:57 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
Did you ever check the SSL checkbox on the SOAPRequest node?
_________________
MQ & Broker admin |
GeneRK4 |
Posted: Sun Nov 03, 2013 7:39 am Post subject: |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
I could not see Enable SSL anywhere.
In the Web service URL in the SOAPRequest node, I have given the URL as https://localhost:7880/ICalculator.
In the SOAPInput node of the Web service, I have checked the use HTTPS box.
Apart from this, the output of mqsireportproperties of the client EG is as below:
autoRespondHTTPHEADRequests=''
algorithm=''
clientAuth=''
keystoreFile=''
keystorePass='********'
keystoreType=''
truststoreFile=''
truststorePass='********'
truststoreType=''
sslProtocol='SSL'
ciphers=''
keypass='********'
keyAlias=''
The detailed error is,
2013-11-03 20:57:29.433504 3844 UserTrace BIP3719I: Node 'SOAP Request' sending SOAP request via transport 'HTTP' ('localhost:7880') for operation 'Add' of type 'request-response'.
See subsequent messages for success or failure messages relating to this request, and for any transport-specific messages.
No action required.
2013-11-03 20:57:29.486150 3844 Error BIP2628E: Exception condition detected on input node 'SSL_CLIENT.MQ Input'.
The input node 'SSL_CLIENT.MQ Input' detected an error whilst processing a message. The message flow has been rolled-back and, if the message was being processed in a unit of work, it will remain on the input queue to be processed again. Following messages will indicate the cause of this exception.
Check the error messages which follow to determine why the exception was generated, and take action as described by those messages.
2013-11-03 20:57:29.486213 3844 RecoverableException BIP2230E: Error detected whilst processing a message in node 'SSL_CLIENT.SOAP Request'.
The message broker detected an error whilst processing a message in node 'SSL_CLIENT.SOAP Request'. An exception has been thrown to cut short the processing of the message.
See the following messages for details of the error.
2013-11-03 20:57:29.486436 3844 RecoverableException BIP3754E: The SOAP Request Node or SOAP Async Request Node SSL_CLIENT.SOAP Request encountered an error while processing the outbound SOAP request.
An error occurred while processing the SOAP Request.
See previous error messages for an indication to the cause of the errors.
2013-11-03 20:57:29.486604 3844 RecoverableException BIP3162S: An HTTP error occurred. The HTTP Request-Line was: ''POST /ICalculator HTTP/1.1
See the following messages for information pertaining to this error.
2013-11-03 20:57:29.486700 3844 RecoverableException BIP3152S: Socket error detected whilst invoking Web service located at host 'localhost', port 7880, path '/ICalculator'.
This may be a transient error, such as a server not responding, or a symptom of an invalid hostname or port number.
Check that the hostname and port number are valid, and point to a functioning Web service.
2013-11-03 20:57:29.486734 3844 SocketException BIP3165S: An error occurred whilst performing an SSL socket operation. Operation: 'connect'. Error Text: 'java.lang.NullPointerException'.
This may be a temporary error, such as a server not responding, or a symptom of an invalid hostname or port number. |
GeneRK4 |
Posted: Sun Nov 03, 2013 4:47 pm Post subject: |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
Esa wrote: |
Have you run netstat to determine if any process is listening to port 7880? |
Hi. I don't see any process running with 7880 when using netstat.
I used,
mqsichangeproperties RadBroker1 -e default -o ExecutionGroup -n httpNodesUseEmbeddedListener -v true
to enable the EG-wide HTTP listener.
I restarted the broker. Still I don't see it in netstat -an.
Please help me with what I am missing... |
GeneRK4 |
Posted: Sun Nov 03, 2013 6:42 pm Post subject: |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
After a long struggle, this has worked for me.
I found the problem.
When we get errors in Trace, we should also check the broker SSL logs, which come under the path <Workpath>/components/<brokername>/EG uuid/console
I found a more detailed error, "password failed".
I found that the password I used during creation of the certificate and the password used during mqsisetdbparms are different.
I recreated all the certificates.
Also, I got the error:
host did not have a valid cert
Exception in thread "Thread-10" javax.net.ssl.SSLPeerUnverifiedException: SSL Peer certificate did not match host name
For this I unchecked the property "Enable SSL certificate Host name checking" in SOAPRequest node.
Now this is working fine...
I am getting proper output with no errors in any logs  |
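Added example, not part of the original posts: one way to rebuild the two stores so that both errors from the last post are addressed while host name checking stays enabled. It assumes a Windows command prompt with keytool on the PATH, the alias and file names used in the thread, a service URL host of localhost, and passwords typed in at the prompt.

```bat
@echo off
rem Added example, not from the thread. Run from the directory holding the stores.
rem Assumption: the SOAPRequest URL host is "localhost", as in the thread.
rem Enter the same passwords that are registered with mqsisetdbparms, so the
rem broker and the store files agree (the mismatch found in the console log).
set /p KSPASS=Keystore password: 
set /p TSPASS=Truststore password: 

rem 1) Self-signed key pair whose subject CN equals the host name in the URL.
rem    Store and key password are identical, so a single secret opens both.
keytool -genkeypair -alias selfsigned1 -keyalg RSA -keysize 2048 -validity 365 ^
  -dname "CN=localhost" -keystore keystore.jks -storepass "%KSPASS%" -keypass "%KSPASS%"
if errorlevel 1 exit /b 1

rem 2) Prove the password opens the store and show whom the certificate names.
keytool -list -v -alias selfsigned1 -keystore keystore.jks -storepass "%KSPASS%" | findstr /c:"Owner:"
if errorlevel 1 (echo keystore password or alias is wrong & exit /b 1)

rem 3) Export only the public certificate; the private key stays in keystore.jks.
keytool -exportcert -alias selfsigned1 -file myselfsigned.cert -keystore keystore.jks -storepass "%KSPASS%"
if errorlevel 1 exit /b 1

rem 4) Import it into the truststore; -storepass is given so nothing is prompted.
keytool -importcert -noprompt -alias selfsigned1 -file myselfsigned.cert ^
  -keystore Truststore.jks -storepass "%TSPASS%"
if errorlevel 1 exit /b 1

rem 5) Same check on the truststore: the alias must be a trustedCertEntry.
keytool -list -alias selfsigned1 -keystore Truststore.jks -storepass "%TSPASS%" | findstr /c:"trustedCertEntry"
if errorlevel 1 (echo truststore password or alias is wrong & exit /b 1)
echo Stores verified; certificate subject is CN=localhost
```

The Owner line printed in step 2 is the name the client compares with the host in the request URL, so it should read CN=localhost for the URL used in the thread.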