Ibm error 2397

I am trying to set up a 2 way SSl using my java code. I am successful doing it one way that is server certificate gets validated from my side but when it comes to two way I get a 2397 Error code. ...

I am trying to set up a 2 way SSl using my java code. I am successful doing it one way that is server certificate gets validated from my side but when it comes to two way I get a 2397 Error code.

Steps followed by me are:

  1. Create a keystore with a self-signed certificate using Keytool, deploy it in truststore of MQ server.
  2. Create a keystore for MQ server and create a self-signed certificate.
  3. Deploy MQ server’s certificate in my truststore.

Then I try to run my java Code. This works fine without SSL or One way SSL.But two way handshake if failing. Below is the code and stack trace:

    //code to create MQ connectivity
    public static void main(String [] args){
    System.setProperty("javax.net.debug","ssl");
    //keystore path
    System.setProperty("javax.net.ssl.keyStore", "C:/keystores/keystore.jks");              
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
    //trsutstore path
    System.setProperty("javax.net.ssl.trustStore", "C:/keystores/truststore.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");
    //cipher spec          
     MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_NULL_MD5";
     MQEnvironment.hostname = "*****-ws3717";//system name
     MQEnvironment.port = 1414;
     MQEnvironment.channel = "channel_name";//channel name
     MQQueueManager qm = null;
     try {  qm = new MQQueueManager("QMNGR");
         System.out.println("Conn Successs!!!");
     } catch (MQException e) {
         e.printStackTrace();
     } 
     finally {
         try {
             qm.disconnect();
         } catch (Exception e) {
             e.printStackTrace();
             e.getCause();
         }
     }
     } }

Stack Trace is as follows:

keyStore is : C:/keystores/keystore.jks
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
***
found key for : selfsigned
chain [0] = [
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  modulus: 132473562370742919150140985227175013875110053845431438145351913928668686945002725183702560702247749924970161010103451411451345824467592557656888776558245848713650717773344294766986771753500118311618188922138349812131167438364266468003061810102502957510761089213138803410346480285664890149111581898928681089463
  public exponent: 65537
  Validity: [From: Fri May 25 13:54:00 IST 2012,
               To: Sat May 25 13:54:00 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf41a0]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 46 D0 CC DF AB 5F 6F D3   37 33 E1 64 F7 1B F7 3F  F...._o.73.d...?
0010: 98 95 06 09 F9 84 C8 3A   65 CF A7 24 BB 46 95 DF  .......:e..$.F..
0020: 8B 30 F2 BC 5C F9 CC 31   E4 36 53 43 BB 50 1B EF  .0....1.6SC.P..
0030: 8C 9B DB C0 41 C9 2C 37   AD B6 1D 30 BF 6E 75 E4  ....A.,7...0.nu.
0040: A9 05 E7 30 5A B1 30 84   6B 8E B7 7A 83 2D 33 01  ...0Z.0.k..z.-3.
0050: A1 44 86 A0 11 30 C3 4D   5B 68 7E 0B 09 48 03 CC  .D...0.M[h...H..
0060: DF C5 97 AD 87 40 DC 2A   9A 3D ED FC 27 D3 8B 4F  .....@.*.=..'..O
0070: F0 21 02 E8 62 6B 05 63   57 BB E8 4D 33 EA 35 9E  .!..bk.cW..M3.5.
]
***
trustStore is: C:keystorestruststore.jks
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Issuer:  CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Algorithm: RSA; Serial number: 0x4fbf4261
  Valid from Fri May 25 13:57:13 IST 2012 until Sat May 25 13:57:13 IST 2013
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1321485794 bytes = { 138, 193, 95, 113, 86, 252, 250, 50, 154, 121, 73, 8, 93, 116, 115, 184, 182, 142, 240, 205, 15, 250, 172, 171, 111, 5, 122, 52 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_NULL_MD5]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
main, WRITE: SSLv3 Handshake, length = 52
main, READ: SSLv3 Handshake, length = 4875
*** ServerHello, SSLv3
RandomCookie:  GMT: 1321485794 bytes = { 250, 173, 248, 90, 241, 136, 107, 119, 99, 92, 80, 19, 223, 223, 152, 131, 216, 115, 242, 56, 198, 135, 156, 111, 210, 234, 220, 103 }
Session ID:  {240, 31, 0, 0, 80, 56, 194, 89, 112, 238, 203, 154, 79, 75, 68, 48, 106, 203, 19, 130, 88, 88, 88, 88, 226, 70, 196, 79, 13, 0, 0, 0}
Cipher Suite: SSL_RSA_WITH_NULL_MD5
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created:  [Session-1, SSL_RSA_WITH_NULL_MD5]
** SSL_RSA_WITH_NULL_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  modulus: 105605049659295333895264877648371480987144339115417104117025065956957634413900327625548229515098843172709660865042903412409581107015480309223474293490705595126088958625491899627683399717294708677347640098462040771799700233921554682196524988217754821345297656825451441457385676164016790486091736694366149540953
  public exponent: 65537
  Validity: [From: Fri May 25 13:57:13 IST 2012,
               To: Sat May 25 13:57:13 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf4261]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 81 F5 2C 2A 77 63 F1 CD   D8 31 E1 BE B5 9B 28 C5  ..,*wc...1....(.
0010: 6B EA 24 BB 5C 3D EB D0   EB E3 86 2E D7 1C 0D 92  k.$.=..........
0020: 36 A2 79 13 BC 74 40 C4   BF 7C F7 1B 05 8C 6B CF  6.y..t@.......k.
0030: EB 2C C2 0D E3 40 F7 F0   95 66 B6 85 AE 84 66 C9  .,...@...f....f.
0040: B7 C5 29 BE 71 1F 28 C0   83 1C 94 41 08 2A 44 45  ..).q.(....A.*DE
0050: 99 FD C5 77 28 26 FC 50   A3 69 32 BD F5 8B 0C A6  ...w(&.P.i2.....
0060: 13 21 0F BA B2 C6 A2 71   18 17 94 31 3B 7E 88 63  .!.....q...1;..c
0070: C0 01 76 DC 60 47 BB 3F   2F 7E 2A 73 84 DA 60 79  ..v.`G.?/.*s..`y
]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  modulus: 105605049659295333895264877648371480987144339115417104117025065956957634413900327625548229515098843172709660865042903412409581107015480309223474293490705595126088958625491899627683399717294708677347640098462040771799700233921554682196524988217754821345297656825451441457385676164016790486091736694366149540953
  public exponent: 65537
  Validity: [From: Fri May 25 13:57:13 IST 2012,
               To: Sat May 25 13:57:13 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf4261]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 81 F5 2C 2A 77 63 F1 CD   D8 31 E1 BE B5 9B 28 C5  ..,*wc...1....(.
0010: 6B EA 24 BB 5C 3D EB D0   EB E3 86 2E D7 1C 0D 92  k.$.=..........
0020: 36 A2 79 13 BC 74 40 C4   BF 7C F7 1B 05 8C 6B CF  6.y..t@.......k.
0030: EB 2C C2 0D E3 40 F7 F0   95 66 B6 85 AE 84 66 C9  .,...@...f....f.
0040: B7 C5 29 BE 71 1F 28 C0   83 1C 94 41 08 2A 44 45  ..).q.(....A.*DE
0050: 99 FD C5 77 28 26 FC 50   A3 69 32 BD F5 8B 0C A6  ...w(&.P.i2.....
0060: 13 21 0F BA B2 C6 A2 71   18 17 94 31 3B 7E 88 63  .!.....q...1;..c
0070: C0 01 76 DC 60 47 BB 3F   2F 7E 2A 73 84 DA 60 79  ..v.`G.?/.*s..`y
]
*** CertificateRequest
Cert Types: RSA
Cert Authorities:
<EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 4 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>
<CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US>
<CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN>
*** ServerHelloDone
matching alias: selfsigned
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 1024 bits
  modulus: 132473562370742919150140985227175013875110053845431438145351913928668686945002725183702560702247749924970161010103451411451345824467592557656888776558245848713650717773344294766986771753500118311618188922138349812131167438364266468003061810102502957510761089213138803410346480285664890149111581898928681089463
  public exponent: 65537
  Validity: [From: Fri May 25 13:54:00 IST 2012,
               To: Sat May 25 13:54:00 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf41a0]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 46 D0 CC DF AB 5F 6F D3   37 33 E1 64 F7 1B F7 3F  F...._o.73.d...?
0010: 98 95 06 09 F9 84 C8 3A   65 CF A7 24 BB 46 95 DF  .......:e..$.F..
0020: 8B 30 F2 BC 5C F9 CC 31   E4 36 53 43 BB 50 1B EF  .0....1.6SC.P..
0030: 8C 9B DB C0 41 C9 2C 37   AD B6 1D 30 BF 6E 75 E4  ....A.,7...0.nu.
0040: A9 05 E7 30 5A B1 30 84   6B 8E B7 7A 83 2D 33 01  ...0Z.0.k..z.-3.
0050: A1 44 86 A0 11 30 C3 4D   5B 68 7E 0B 09 48 03 CC  .D...0.M[h...H..
0060: DF C5 97 AD 87 40 DC 2A   9A 3D ED FC 27 D3 8B 4F  .....@.*.=..'..O
0070: F0 21 02 E8 62 6B 05 63   57 BB E8 4D 33 EA 35 9E  .!..bk.cW..M3.5.
]
***
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
main, WRITE: SSLv3 Handshake, length = 711
SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 3D 04 C8 EF 08 83   A4 EF 85 1C D9 96 A0 77  ..=............w
0010: 32 2A A5 43 14 98 11 6F   DD 01 52 73 4D DF B4 5A  2*.C...o..RsM..Z
0020: C5 2E FC 2A C0 F6 C2 9B   11 23 B2 C0 7B 59 E8 96  ...*.....#...Y..
CONNECTION KEYGEN:
Client Nonce:
0000: 4F C4 46 E2 8A C1 5F 71   56 FC FA 32 9A 79 49 08  O.F..._qV..2.yI.
0010: 5D 74 73 B8 B6 8E F0 CD   0F FA AC AB 6F 05 7A 34  ]ts.........o.z4
Server Nonce:
0000: 4F C4 46 E2 FA AD F8 5A   F1 88 6B 77 63 5C 50 13  O.F....Z..kwcP.
0010: DF DF 98 83 D8 73 F2 38   C6 87 9C 6F D2 EA DC 67  .....s.8...o...g
Master Secret:
0000: C0 20 A8 BC D1 A7 06 B0   C5 07 CA A7 83 C5 35 9E  . ............5.
0010: 20 AB B6 28 8C 7E EF 14   CB 9D C1 ED C5 62 F8 A1   ..(.........b..
0020: 6A DE 9F AF 16 5B 2F 1D   21 8F A3 2C F7 B9 3D 36  j....[/.!..,..=6
Client MAC write Secret:
0000: 09 E8 CE 6C D1 2D 43 86   7E 74 1C 5F 68 DA E2 AE  ...l.-C..t._h...
Server MAC write Secret:
0000: CE 62 DA F7 2C F2 2B 4A   AD 47 8F 61 BD 58 51 BD  .b..,.+J.G.a.XQ.
... no encryption keys used
... no IV used for this cipher
*** CertificateVerify
main, WRITE: SSLv3 Handshake, length = 134
main, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 4, 127, 139, 212, 93, 181, 170, 62, 121, 196, 243, 156, 251, 103, 206, 222, 2, 10, 84, 35, 186, 251, 144, 6, 31, 97, 135, 179, 160, 127, 204, 93, 100, 140, 74, 79 }
***
main, WRITE: SSLv3 Handshake, length = 56
main, waiting for close_notify or alert: state 1
main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE030: IOException during security flows
MQJE001: Completion Code 2, Reason 2397
com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:219)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:318)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:338)
    at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:84)
    at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:168)
    at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:772)
    at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:697)
    at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:657)
    at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:153)
    at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:451)
    at com.test.SSlTest.main(SSlTest.java:68)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1493)
    at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
    at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:689)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:985)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:904)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at com.ibm.mq.SSLHelper.configureSSLSocket(SSLHelper.java:567)
    at com.ibm.mq.SSLHelper.createSSLSocket(SSLHelper.java:150)
    at com.ibm.mq.MQInternalCommunications.createSocketConnection(MQInternalCommunications.java:2264)
    at com.ibm.mq.MQv6InternalCommunications$1.run(MQv6InternalCommunications.java:157)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.ibm.mq.MQv6InternalCommunications.initialize(MQv6InternalCommunications.java:154)
    at com.ibm.mq.MQv6InternalCommunications.<init>(MQv6InternalCommunications.java:102)
    at com.ibm.mq.MQSESSIONClient.MQCONNX(MQSESSIONClient.java:1337)
    at com.ibm.mq.MQSESSIONClient.MQCONN(MQSESSIONClient.java:1246)
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:184)
    ... 10 more

Kindly help me….

Источник

Содержание

  1. Troubleshooting IBM MQ Java/JMS SSL Configurations
  2. Troubleshooting
  3. Problem
  4. Symptom
  5. Diagnosing The Problem
  6. Resolving The Problem

Troubleshooting IBM MQ Java/JMS SSL Configurations

Troubleshooting

Problem

Symptom

Diagnosing The Problem

Two sets of documentation are required:

  • SystemOut, console output or Java/JMS trace — this will show the exceptions with stack outputs as seen below
  • AMQERR*.LOG files from the queue manager install location. these will contain the AMQxxxx errors as seen below

Resolving The Problem

Cause 1 Client missing personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2059’ (‘MQRC_Q_MGR_NOT_AVAILABLE’)

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;
AMQ9204: Connection to host localhost(1414)’ rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;
AMQ9503: Channel negotiation failed.
[3=SYSTEM.DEF.SVRCONN]],3=localhost(1414),
5=RemoteConnection.analyseErrorSegment]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.
(WMQConnection.java:355)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;
AMQ9503: Channel negotiation failed.
[3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.analyseErrorSegment(RemoteConnection.java:4366)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.receiveTSH(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.initSess(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
Queue Manager
Error Logs		 AMQ9637: Channel is lacking a certificate.
Solution Add a personal certificate to the client’s keystore which has been signed by a certificate in the queue manager’s key database.
Cause 2 Missing server personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’))

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;
AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException
[Remote host closed connection during
handshake],3=localhost/127.0.0.1:1414(localhost),
4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
at com.ibm.jsse2.tc.a(tc.java:438)
at com.ibm.jsse2.tc.g(tc.java:416)
at com.ibm.jsse2.tc.a(tc.java:60)
at com.ibm.jsse2.tc.startHandshake(tc.java:381)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection$6
.run(RemoteTCPConnection.java:1005)
at java.security.AccessController.doPrivileged(AccessController.java:202)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1000)
. 11 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.ibm.jsse2.a.a(a.java:120)
at com.ibm.jsse2.tc.a(tc.java:540)
. 17 more )

Queue Manager
Error Logs		 AMQ9637: Channel is lacking a certificate.
Solution Add a personal certificate to the queue manager’s key database which has been signed by a certificate in the client’s truststore, and which has a label of the form»ibmwebspheremqqmname.«
Cause 3 Missing server signer on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’)

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;
AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[com.ibm.jsse2.util.g: PKIX path building failed :
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Some Name,
O=IBM, L=Hursley, ST=Hampshire, C=UK is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match.],3=localhost/127.0.0.1:1414
(localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.;internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Some Name,
O=IBM, L=Hursley, ST=Hampshire, C=UK is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match

Queue Manager
Error Logs		 AMQ9665: SSL connection closed by remote end of channel ‘. ‘.
Solution Add the certificate used to sign the queue manager’s personal certificate to the client’s truststore.
Cause 4 Missing client signer on server
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host ‘localhost(1414)’ rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[Software caused connection abort: socket write error],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],
3=localhost(1414),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.
(WMQConnection.java:355)
. 6 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[Software caused connection abort: socket write error],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.net.SocketException: Software caused connection abort: socket write error
Queue Manager
Error Logs		 AMQ9633: Bad SSL certificate for channel ‘. ‘.
Solution Add the certificate used to sign the queue manager’s personal certificate to the client’s truststore.
Cause 5 Cipher spec mismatch
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel ‘SYSTEM.DEF.SVRCONN’. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)

Queue Manager
Error Logs		 AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the required CipherSpec for channel ‘SYSTEM.DEF.SVRCONN’.
Solution Ensure that the cipher suite on the client matches the cipher spec on the queue manager’s server connection channel.
Cause 6 No cipher enabled on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel ‘SYSTEM.DEF.SVRCONN’. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)
Queue Manager
Error Logs		 AMQ9639: Remote channel ‘SYSTEM.DEF.SVRCONN’ did not specify a CipherSpec.
Solution Ensure that there is a cipher suite set on the client matching the cipher spec on the queue manager’s server connection channel.
Cause 7 No cipher enabled on queue manager’s server connection channel
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel ‘SYSTEM.DEF.SVRCONN’. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
Queue Manager
Error Logs		 AMQ9635: Channel ‘SYSTEM.DEF.SVRCONN’ did not specify a valid CipherSpec.
Solution Ensure that there is a cipher spec on the queue manager’s server connection channel matching the cipher suite set on the client..
Cause 8 Using non-FIPS cipher, FIPS enabled on client (not on server)
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2393’ (‘MQRC_SSL_INITIALIZATION_ERROR’).

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1748)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite
SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode
at com.ibm.jsse2.q.a(q.java:84)
at com.ibm.jsse2.r.(r.java:75)
at com.ibm.jsse2.tc.setEnabledCipherSuites(tc.java:184)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1741)

Queue Manager
Error Logs		 No errors seen
Solution Either disable FIPS on the client or ensure both FIPS is enabled on the server and a FIPS-enabled cipher is being used.
Cause 9 Using non_FIPS cipher, FIPS enabled on server (not on client)
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.n.a(n.java:8)
Queue Manager
Error Logs		 AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
Solution Either disable FIPS on the server or ensure both FIPS is enabled on the client and a FIPS-enabled cipher is being used.
Cause 10 Using FIPS cipher, FIPS not enabled on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.n.a(n.java:8)

Queue Manager
Error Logs		 AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
Solution Either enable FIPS on the client or ensure a non FIPS-enabled cipher is being used.
Cause 11 Using non_FIPS cipher, FIPS enabled at both ends
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2393’ (‘MQRC_SSL_INITIALIZATION_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1748)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode at com.ibm.jsse2.q.a(q.java:84)

Queue Manager
Error Logs		 No errors seen..
Solution Either disable FIPS at both ends or ensure a FIPS-enabled cipher is being used.
Cause 12 Value of SSLPEER on client does not match personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2398’ (‘MQRC_SSL_PEER_NAME_MISMATCH’).

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2398;AMQ9636: SSL distinguished name does not match peer name, channel ‘?’.
[4=CN=Some Name, O=IBM, ST=Hampshire, C=UK]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1071)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)

Queue Manager
Error Logs		 No errors seen
Solution Ensure the value of SSLPEER matches the distinguished name of the personal certificate.
Cause 13 Value of SSLPEER on server does not match personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2059’ (‘MQRC_Q_MGR_NOT_AVAILABLE’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9643: Remote SSL peer name error for channel ‘SYSTEM.DEF.SVRCONN’. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4330)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
Queue Manager
Error Logs		 AMQ9636: SSL distinguished name does not match peer name, channel ‘SYSTEM.DEF.SVRCONN’.
Solution Ensure the value of SSLPEER matches the distinguished name of the personal certificate.
Cause 14 Listener not running on server
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2059’ (‘MQRC_Q_MGR_NOT_AVAILABLE’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9213: A communications error for occurred. [1=java.net.ConnectException[Connection refused: connect],3=localhost]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:663)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
Queue Manager
Error Logs		 No errors seen
Solution Start the listener on the queue manager.
Cause 15 Can not find client keystore
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host ‘localhost(1414)’ rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]], 3=localhost(1414),5=RemoteTCPConnection.makeSocketSecure]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:355)
. 6 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
. 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
. 13 more
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: C:keystorewrongfile.jks

Queue Manager
Error Logs		 No errors seen
Solution Specify the correct name and location for the client keystore.
Cause 16 Client keystore password incorrect
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
. 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
. 13 more
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect

Queue Manager
Error Logs		 No errors seen
Solution Specify the correct password for the client keystore.
Cause 17 Can not find client truststore
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2397’ (‘MQRC_JSSE_ERROR’).

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
. 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
. 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
. 13 more
Caused by: java.lang.Exception: Truststore file does not exist: C:keystorewrongfile.jks
Queue Manager
Error Logs		 No errors seen..
Solution Specify the correct name and location for the client truststore.
Источник

Я пытаюсь настроить двухсторонний SSL, используя свой код Java. Я успешно делаю это одним способом: сертификат сервера проверяется с моей стороны, но когда дело доходит до двух способов, я получаю код ошибки 2.

Шаги, за которыми я следую:

  1. Создайте хранилище ключей с самозаверяющим сертификатом с помощью Keytool, разверните его в хранилище доверенных сертификатов сервера MQ.
  2. Создайте хранилище ключей для сервера MQ и создайте самозаверяющий сертификат.
  3. Разверните сертификат сервера MQ в моем хранилище доверенных сертификатов.

Затем я пытаюсь запустить свой Java-код. Это отлично работает без SSL или одностороннего SSL. Но двустороннее рукопожатие в случае сбоя. Ниже приведен код и трассировка стека:

    //code to create MQ connectivity
    public static void main(String [] args){
    System.setProperty("javax.net.debug","ssl");
    //keystore path
    System.setProperty("javax.net.ssl.keyStore", "C:/keystores/keystore.jks");              
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
    //trsutstore path
    System.setProperty("javax.net.ssl.trustStore", "C:/keystores/truststore.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");
    //cipher spec          
     MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_NULL_MD5";
     MQEnvironment.hostname = "*****-ws3717";//system name
     MQEnvironment.port = 1414;
     MQEnvironment.channel = "channel_name";//channel name
     MQQueueManager qm = null;
     try {  qm = new MQQueueManager("QMNGR");
         System.out.println("Conn Successs!!!");
     } catch (MQException e) {
         e.printStackTrace();
     } 
     finally {
         try {
             qm.disconnect();
         } catch (Exception e) {
             e.printStackTrace();
             e.getCause();
         }
     }
     } }

Трассировка стека выглядит следующим образом:

keyStore is : C:/keystores/keystore.jks
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
***
found key for : selfsigned
chain [0] = [
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  modulus: 132473562370742919150140985227175013875110053845431438145351913928668686945002725183702560702247749924970161010103451411451345824467592557656888776558245848713650717773344294766986771753500118311618188922138349812131167438364266468003061810102502957510761089213138803410346480285664890149111581898928681089463
  public exponent: 65537
  Validity: [From: Fri May 25 13:54:00 IST 2012,
               To: Sat May 25 13:54:00 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf41a0]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 46 D0 CC DF AB 5F 6F D3   37 33 E1 64 F7 1B F7 3F  F...._o.73.d...?
0010: 98 95 06 09 F9 84 C8 3A   65 CF A7 24 BB 46 95 DF  .......:e..$.F..
0020: 8B 30 F2 BC 5C F9 CC 31   E4 36 53 43 BB 50 1B EF  .0....1.6SC.P..
0030: 8C 9B DB C0 41 C9 2C 37   AD B6 1D 30 BF 6E 75 E4  ....A.,7...0.nu.
0040: A9 05 E7 30 5A B1 30 84   6B 8E B7 7A 83 2D 33 01  ...0Z.0.k..z.-3.
0050: A1 44 86 A0 11 30 C3 4D   5B 68 7E 0B 09 48 03 CC  .D...0.M[h...H..
0060: DF C5 97 AD 87 40 DC 2A   9A 3D ED FC 27 D3 8B 4F  .....@.*.=..'..O
0070: F0 21 02 E8 62 6B 05 63   57 BB E8 4D 33 EA 35 9E  .!..bk.cW..M3.5.
]
***
trustStore is: C:keystorestruststore.jks
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Issuer:  CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Algorithm: RSA; Serial number: 0x4fbf4261
  Valid from Fri May 25 13:57:13 IST 2012 until Sat May 25 13:57:13 IST 2013
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1321485794 bytes = { 138, 193, 95, 113, 86, 252, 250, 50, 154, 121, 73, 8, 93, 116, 115, 184, 182, 142, 240, 205, 15, 250, 172, 171, 111, 5, 122, 52 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_NULL_MD5]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
main, WRITE: SSLv3 Handshake, length = 52
main, READ: SSLv3 Handshake, length = 4875
*** ServerHello, SSLv3
RandomCookie:  GMT: 1321485794 bytes = { 250, 173, 248, 90, 241, 136, 107, 119, 99, 92, 80, 19, 223, 223, 152, 131, 216, 115, 242, 56, 198, 135, 156, 111, 210, 234, 220, 103 }
Session ID:  {240, 31, 0, 0, 80, 56, 194, 89, 112, 238, 203, 154, 79, 75, 68, 48, 106, 203, 19, 130, 88, 88, 88, 88, 226, 70, 196, 79, 13, 0, 0, 0}
Cipher Suite: SSL_RSA_WITH_NULL_MD5
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created:  [Session-1, SSL_RSA_WITH_NULL_MD5]
** SSL_RSA_WITH_NULL_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  modulus: 105605049659295333895264877648371480987144339115417104117025065956957634413900327625548229515098843172709660865042903412409581107015480309223474293490705595126088958625491899627683399717294708677347640098462040771799700233921554682196524988217754821345297656825451441457385676164016790486091736694366149540953
  public exponent: 65537
  Validity: [From: Fri May 25 13:57:13 IST 2012,
               To: Sat May 25 13:57:13 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf4261]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 81 F5 2C 2A 77 63 F1 CD   D8 31 E1 BE B5 9B 28 C5  ..,*wc...1....(.
0010: 6B EA 24 BB 5C 3D EB D0   EB E3 86 2E D7 1C 0D 92  k.$.=..........
0020: 36 A2 79 13 BC 74 40 C4   BF 7C F7 1B 05 8C 6B CF  6.y..t@.......k.
0030: EB 2C C2 0D E3 40 F7 F0   95 66 B6 85 AE 84 66 C9  .,...@...f....f.
0040: B7 C5 29 BE 71 1F 28 C0   83 1C 94 41 08 2A 44 45  ..).q.(....A.*DE
0050: 99 FD C5 77 28 26 FC 50   A3 69 32 BD F5 8B 0C A6  ...w(&.P.i2.....
0060: 13 21 0F BA B2 C6 A2 71   18 17 94 31 3B 7E 88 63  .!.....q...1;..c
0070: C0 01 76 DC 60 47 BB 3F   2F 7E 2A 73 84 DA 60 79  ..v.`G.?/.*s..`y
]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  modulus: 105605049659295333895264877648371480987144339115417104117025065956957634413900327625548229515098843172709660865042903412409581107015480309223474293490705595126088958625491899627683399717294708677347640098462040771799700233921554682196524988217754821345297656825451441457385676164016790486091736694366149540953
  public exponent: 65537
  Validity: [From: Fri May 25 13:57:13 IST 2012,
               To: Sat May 25 13:57:13 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf4261]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 81 F5 2C 2A 77 63 F1 CD   D8 31 E1 BE B5 9B 28 C5  ..,*wc...1....(.
0010: 6B EA 24 BB 5C 3D EB D0   EB E3 86 2E D7 1C 0D 92  k.$.=..........
0020: 36 A2 79 13 BC 74 40 C4   BF 7C F7 1B 05 8C 6B CF  6.y..t@.......k.
0030: EB 2C C2 0D E3 40 F7 F0   95 66 B6 85 AE 84 66 C9  .,...@...f....f.
0040: B7 C5 29 BE 71 1F 28 C0   83 1C 94 41 08 2A 44 45  ..).q.(....A.*DE
0050: 99 FD C5 77 28 26 FC 50   A3 69 32 BD F5 8B 0C A6  ...w(&.P.i2.....
0060: 13 21 0F BA B2 C6 A2 71   18 17 94 31 3B 7E 88 63  .!.....q...1;..c
0070: C0 01 76 DC 60 47 BB 3F   2F 7E 2A 73 84 DA 60 79  ..v.`G.?/.*s..`y
]
*** CertificateRequest
Cert Types: RSA
Cert Authorities:
<EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 4 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>
<CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US>
<CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net>
<CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN>
*** ServerHelloDone
matching alias: selfsigned
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 1024 bits
  modulus: 132473562370742919150140985227175013875110053845431438145351913928668686945002725183702560702247749924970161010103451411451345824467592557656888776558245848713650717773344294766986771753500118311618188922138349812131167438364266468003061810102502957510761089213138803410346480285664890149111581898928681089463
  public exponent: 65537
  Validity: [From: Fri May 25 13:54:00 IST 2012,
               To: Sat May 25 13:54:00 IST 2013]
  Issuer: CN=Pooja Joshi, OU=SGW, O=SUNGARD, L=PUNE, ST=MH, C=IN
  SerialNumber: [    4fbf41a0]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 46 D0 CC DF AB 5F 6F D3   37 33 E1 64 F7 1B F7 3F  F...._o.73.d...?
0010: 98 95 06 09 F9 84 C8 3A   65 CF A7 24 BB 46 95 DF  .......:e..$.F..
0020: 8B 30 F2 BC 5C F9 CC 31   E4 36 53 43 BB 50 1B EF  .0....1.6SC.P..
0030: 8C 9B DB C0 41 C9 2C 37   AD B6 1D 30 BF 6E 75 E4  ....A.,7...0.nu.
0040: A9 05 E7 30 5A B1 30 84   6B 8E B7 7A 83 2D 33 01  ...0Z.0.k..z.-3.
0050: A1 44 86 A0 11 30 C3 4D   5B 68 7E 0B 09 48 03 CC  .D...0.M[h...H..
0060: DF C5 97 AD 87 40 DC 2A   9A 3D ED FC 27 D3 8B 4F  .....@.*.=..'..O
0070: F0 21 02 E8 62 6B 05 63   57 BB E8 4D 33 EA 35 9E  .!..bk.cW..M3.5.
]
***
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
main, WRITE: SSLv3 Handshake, length = 711
SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 3D 04 C8 EF 08 83   A4 EF 85 1C D9 96 A0 77  ..=............w
0010: 32 2A A5 43 14 98 11 6F   DD 01 52 73 4D DF B4 5A  2*.C...o..RsM..Z
0020: C5 2E FC 2A C0 F6 C2 9B   11 23 B2 C0 7B 59 E8 96  ...*.....#...Y..
CONNECTION KEYGEN:
Client Nonce:
0000: 4F C4 46 E2 8A C1 5F 71   56 FC FA 32 9A 79 49 08  O.F..._qV..2.yI.
0010: 5D 74 73 B8 B6 8E F0 CD   0F FA AC AB 6F 05 7A 34  ]ts.........o.z4
Server Nonce:
0000: 4F C4 46 E2 FA AD F8 5A   F1 88 6B 77 63 5C 50 13  O.F....Z..kwcP.
0010: DF DF 98 83 D8 73 F2 38   C6 87 9C 6F D2 EA DC 67  .....s.8...o...g
Master Secret:
0000: C0 20 A8 BC D1 A7 06 B0   C5 07 CA A7 83 C5 35 9E  . ............5.
0010: 20 AB B6 28 8C 7E EF 14   CB 9D C1 ED C5 62 F8 A1   ..(.........b..
0020: 6A DE 9F AF 16 5B 2F 1D   21 8F A3 2C F7 B9 3D 36  j....[/.!..,..=6
Client MAC write Secret:
0000: 09 E8 CE 6C D1 2D 43 86   7E 74 1C 5F 68 DA E2 AE  ...l.-C..t._h...
Server MAC write Secret:
0000: CE 62 DA F7 2C F2 2B 4A   AD 47 8F 61 BD 58 51 BD  .b..,.+J.G.a.XQ.
... no encryption keys used
... no IV used for this cipher
*** CertificateVerify
main, WRITE: SSLv3 Handshake, length = 134
main, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 4, 127, 139, 212, 93, 181, 170, 62, 121, 196, 243, 156, 251, 103, 206, 222, 2, 10, 84, 35, 186, 251, 144, 6, 31, 97, 135, 179, 160, 127, 204, 93, 100, 140, 74, 79 }
***
main, WRITE: SSLv3 Handshake, length = 56
main, waiting for close_notify or alert: state 1
main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
MQJE001: An MQException occurred: Completion Code 2, Reason 2397
MQJE030: IOException during security flows
MQJE001: Completion Code 2, Reason 2397
com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2397
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:219)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:318)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:338)
    at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:84)
    at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:168)
    at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:772)
    at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:697)
    at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:657)
    at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:153)
    at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:451)
    at com.test.SSlTest.main(SSlTest.java:68)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1493)
    at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
    at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:689)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:985)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:904)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at com.ibm.mq.SSLHelper.configureSSLSocket(SSLHelper.java:567)
    at com.ibm.mq.SSLHelper.createSSLSocket(SSLHelper.java:150)
    at com.ibm.mq.MQInternalCommunications.createSocketConnection(MQInternalCommunications.java:2264)
    at com.ibm.mq.MQv6InternalCommunications$1.run(MQv6InternalCommunications.java:157)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.ibm.mq.MQv6InternalCommunications.initialize(MQv6InternalCommunications.java:154)
    at com.ibm.mq.MQv6InternalCommunications.<init>(MQv6InternalCommunications.java:102)
    at com.ibm.mq.MQSESSIONClient.MQCONNX(MQSESSIONClient.java:1337)
    at com.ibm.mq.MQSESSIONClient.MQCONN(MQSESSIONClient.java:1246)
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:184)
    ... 10 more

Пожалуйста, помогите мне ….

Источник

Я настраиваю соединение MQ в файле jetty-env.xml как:

<New id = "myJmsConnection" class = "org.eclipse.jetty.plus.jndi.Resource">
    <Arg><Ref refid = "wac"/></Arg>
    <Arg>jms/mymq</Arg>
    <Arg>
           <New class = "com.ibm.mq.jms.MQConnectionFactory">
                <Set name = "connectionNameList">x.x.x.x</Set>
                <Set name = "port">xxx</Set>
                <Set name = "queueManager">xxx</Set>
                <Set name = "channel">xxx.CHANNEL</Set>
                <Set name = "transportType">1</Set>
                <Set name = "SSLCipherSuite">xxxx</Set>
        </New>
    </Arg>
  </New>

С приведенной выше конфигурацией, когда я запускаю причал, я получаю эту ошибку
вложенное исключение — com.ibm.mq.MQException: JMSCMQ0001: вызов WebSphere MQ завершился неудачно с кодом компиляции ‘2’ (‘MQCC_FAILED’), причина ‘2397’ (‘MQRC_JSSE_ERROR’)

Но те же значения конфигурации, когда я использую в своем коде для подключения MQ, я могу установить соединение

@Bean(name = "MQConnectionFactory")
    public ConnectionFactory connectionFactory() {

        if (factory == null) {
            factory = new MQConnectionFactory();
            try {
                factory.setConnectionNameList(env.getRequiredProperty(HOST));
                factory.setPort(Integer.parseInt(env.getRequiredProperty(PORT)));            
                factory.setQueueManager(env.getRequiredProperty(QUEUE_MANAGER));
                factory.setChannel(env.getRequiredProperty(CHANNEL));
                factory.setTransportType(WMQConstants.WMQ_CM_CLIENT);
                factory.setSSLCipherSuite(env.getRequiredProperty(SSL_CIPHER_SUITE));
                factory.setStringProperty(WMQConstants.USERID, env.getRequiredProperty(QUEUE_USERID));
                factory.setStringProperty(WMQConstants.PASSWORD, env.getRequiredProperty(QUEUE_PASSWORD));

            } catch (JMSException e) {
                throw new RuntimeException(e);
            }
        }
        return factory;
    }

Мой вопрос в том, почему подключение работает из кода Java, но выдает исключение MQ при настройке в jetty-env.xml?

Источник

Понравилась статья? Поделить с друзьями:
  • Ibexpert проверка базы данных на ошибки
  • Ibexpert sql error code 104
  • Ibexpert gds32 dll ошибка
  • Iaudioclient initialize ошибка aimp
  • Iastorvd sys ошибка при установке windows 7