1. 首頁
  2. 問答
  3. 配置IBM Websphere Mq服務器和Java客戶端以創建SSL連接

配置IBM Websphere Mq服務器和Java客戶端以創建SSL連接

2017-03-18 203 views
1

我需要在IBM MQ Qmanager和Java客戶端之間創建SSL連接。爲了使用IBM Key Management GUI執行此操作,配置IBM Websphere Mq服務器和Java客戶端以創建SSL連接

  1. 爲QManager創建key.dkb並向其添加自簽名證書。
  2. 然後我提取證書。(cert.arm)
  3. 創建了trustStore.jks文件並在簽名者證書下添加了先前提取的cert.arm。
  4. 將key.dkb的路徑設置爲Qmanager-> SSL並選擇合適的ciphersuit。
  5. 在Java客戶端中將System.property添加到trustStore.jks。

當我運行該程序時,我得到了一個例外如下。

Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR'). 
     at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203) 
     ... 10 more 
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '127.0.0.1(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect] 
     at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282) 
     at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294) 
     at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376) 
     at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560) 
     at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:345) 
     ... 9 more 
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default] 
     at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1329) 
     at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863) 
     at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409) 
     at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305) 
     at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146) 
     at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730) 
     ... 13 more 
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) 
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) 
     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) 
     at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1298) 
     at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1290) 
     at java.security.AccessController.doPrivileged(Native Method) 
     at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1290) 
     ... 18 more 
Caused by: java.io.EOFException: SSL peer shut down incorrectly 
     at sun.security.ssl.InputRecord.read(InputRecord.java:505) 
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) 
     ... 25 more

基本上這意味着Qmanager沒有由trustStore簽名的證書。 所以我想我在製作自簽名證書和信任庫的時候錯過了一些東西。

有人可以幫助我創建自簽名證書,以使用IBM Key Management GUI工具與java客戶端建立SSL連接嗎?

來源

2017-03-18 Chanaka Balasooriya

回答

1

我可以解決通過ibm mq troubleshooting guide

去的問題,我只是在我的Qmanager密鑰存儲庫運行mqcertck命令,發現它並沒有讀取訪問key.kdb的。給讀取訪問使用chmod問題解決後。

來源

2017-03-18 17:30:14

+0

通常,key。*文件應由mqm擁有600個權限,以便只有mqm用戶才能讀取key *文件。你可以使用'chown mqm:mqm key。*'和'chmod 600 key。*'來完成這個任務。 – JoshMc

相關問題

 相關問題