配置IBM Websphere Mq服务器和Java客户端以创建SSL连接
我需要在IBM MQ Qmanager和Java客户机之间创建SSL连接。为了使用IBM密钥管理GUI实现这一点配置IBM Websphere Mq服务器和Java客户端以创建SSL连接,java,ssl,ibm-mq,Java,Ssl,Ibm Mq,我需要在IBM MQ Qmanager和Java客户机之间创建SSL连接。为了使用IBM密钥管理GUI实现这一点 为QManager创建key.dkb并向其中添加自签名证书 然后我提取了那个证书 创建了trustStore.jks文件,并在signer certificated下添加了先前提取的cert.arm 将key.dkb的路径放到Qmanager->SSL,然后选择合适的密码电路 在Java中,客户端将System.property添加到trustStore.jks 当我运行程序时,我得
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)
... 10 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '127.0.0.1(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294)
at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376)
at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:345)
... 9 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1329)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730)
... 13 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1298)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1290)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1290)
... 18 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 25 more
由以下原因引起:com.ibm.mq.MQException:JMSCMQ0001:WebSphere mq调用失败,代码为“2”(“MQCC_失败”)原因为“2397”(“MQRC_JSSE_错误”)。
位于com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)
... 10多
原因:com.ibm.mq.jmqi.jmqi异常:CC=2;RC=2397;AMQ9204:与主机“127.0.0.1(1414)”的连接被拒绝。[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771:SSL握手失败。[1=javax.net.SSL.SSLHandshakeException[握手期间远程主机关闭连接],3=localhost/127.0.0.1:1414(localhost),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect]
位于com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282)
位于com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294)
在com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376)
位于com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560)
位于com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:345)
... 9更多
原因:com.ibm.mq.jmqi.jmqi异常:CC=2;RC=2397;AMQ9771:SSL握手失败。[1=javax.net.ssl.SSLHandshakeException[握手期间远程主机关闭连接],3=localhost/127.0.0.1:1414(localhost),4=SSLSocket.startHandshake,5=default]
位于com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1329)
位于com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863)
位于com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409)
位于com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305)
位于com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146)
位于com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730)
... 还有13个
原因:javax.net.ssl.SSLHandshakeException:握手期间远程主机关闭连接
位于sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
位于sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
位于sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
位于sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
在com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1298)
在com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1290)
位于java.security.AccessController.doPrivileged(本机方法)
位于com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1290)
... 还有18个
原因:java.io.EOFException:SSL对等机错误关闭
位于sun.security.ssl.InputRecord.read(InputRecord.java:505)
位于sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 25多
基本上这意味着Qmanager没有由trustStore签署的证书。
所以我想我在制作自签名证书和信任库的过程中错过了一些东西
有人可以帮助我创建自签名证书,以便使用IBM密钥管理GUI工具与java客户端建立SSL连接吗?我可以通过
我刚刚在Qmanager密钥库中运行了mqcertck命令,发现它没有对key.kdb的读取权限。在使用chmod授予读取权限后,问题得到解决 通常,key.*文件应由具有600权限的mqm拥有,以便只有mqm用户可以读取key*文件。您可以使用
chown mqm:mqm key.*
和chmod 600 key.*
来完成此操作。