OS Solaris 10.

I have Java 8 and IBM MQ 8.0.0.5 installed on my machine. I have defined one svrconn connection and I also have a Java client. I am trying to enable SSL authentication between the Java client and the IBM MQ server, but I am getting the error below:

```
JMSCC0001.FDC PID:16798

JMS Common Client First Failure Symptom Report


Product          :- IBM WebSphere MQ classes for JMS
Date/Time        :- Wed Aug 28 09:24:59 GMT 2019
System time      :- 1566984299972
Operating System :- SunOS
UserID           :- root
Java Vendor      :- Oracle Corporation
Java Version     :- 25.191-b12

Source Class     :- com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection
Source Method    :- getNonFipsSocketFactory()
ProbeID          :- 03
Thread           :- name=xxx priority=5 group=main ccl=sun.misc.Launcher$AppClassLoader@6e0be858

                                      Data
                                      ----

|   Description        :-  Cannot open keystore file
|   Exception message  :-  Invalid keystore format

                              Version information
                              -------------------

IBM WebSphere MQ JMS Provider
8.0.0.5
p800-005-160516.2
Production
Component Title: IBM WebSphere MQ JMS Provider
Component Name:  com.ibm.msg.client.wmq
Version:         8.0.0.5
Class Name:      class com.ibm.msg.client.wmq.factories.WMQComponent
CMVC:            p800-005-160516.2
Jar location:    file:/opt/mqm/java/lib/com.ibm.mqjms.jar
Factory Class:   class com.ibm.msg.client.wmq.factories.WMQFactoryFactory
```

I can run the `/opt/mqm/bin/runmqckm` utility to list all the certificates stored in the keystore, but the Java client is still throwing the error.

  • How do you provide the key store name to the java app? What is the full `runmqckm` you use to view the contents? – JoshMc Aug 28 '19 at 13:26
  • From what I know, your keystore needs to be a jks for the Java client, not for the MQ server. Are you sure the client keystore is indeed a jks? One of the easiest ways to test it is to try to use MQExplorer as your Java client. – jdel Aug 28 '19 at 15:10
  • ERR JMSException: JMSWMQ0018: Failed to connect to queue manager 'xxxxx' with connection mode 'Client' and host name 'null'. Thu Aug 29 05:14:26 2019 ERR Ops!com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager xxxx with connection mode 'Client' and host name 'null'. Check the queue manager is started and if running in client mode, – rigga Aug 29 '19 at 05:30
  • When I set `TLS_RSA_WITH_AES_256_CBC_SHA256` as the cipher suite and cipher spec, I get the above error in the Java client log. If, while starting the Java client, I put `-Dcom.ibm.mq.cfg.useIBMCipherMappings=false` as a JVM argument, then an FFDC file is created stating invalid keystore, so I removed that line and started the Java client, but again I received the above error. So should I set `-Dcom.ibm.mq.cfg.useIBMCipherMappings=false` as a JVM argument or not? I used `TLS_RSA_WITH_AES_256_CBC_SHA256` as well as `TLS_RSA_WITH_AES_128_CBC_SHA`, but both don't seem to be working. – rigga Aug 29 '19 at 05:30
  • Yes, I am using JCEKS as the keystore and use `/opt/mqm/bin/runmqckm -cert -list -db key.jck -type jceks -pw xxxx` to see the contents. – rigga Aug 29 '19 at 05:31
  • Why are you using a JCEKS keystore and not a JKS keystore? – Morag Hughson Aug 29 '19 at 07:33
  • I am using `runmqckm -keydb -create -db key.jck -pw xxxxx -type jceks` to create the keystore. The same thing was working till IBM MQ 7.5, but after upgrading to 8.0.0.5, it's throwing an error. – rigga Aug 29 '19 at 08:38
  • Try with a jks instead. – JoshMc Aug 29 '19 at 08:53
  • `com.ibm.mq.cfg.useIBMCipherMappings=false` is required if you are not using an IBM Java. – JoshMc Aug 29 '19 at 08:56
  • Created the jks format as well, but still getting the same error. – rigga Aug 29 '19 at 10:42
  • Not clear what error you got or what settings you had for the last round. – JoshMc Aug 30 '19 at 07:16
  • UserID :- root Java Vendor :- Oracle Corporation Java Version :- 25.191-b12 Source Class :- com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection Source Method :- getNonFipsSocketFactory() ProbeID :- 03 Thread :- name=xxxx priority=5 group=main ccl=sun.misc.Launcher$AppClassLoader@6e0be858 Data ---- | Description :- Cannot open keystore file | Exception message :- Invalid keystore format – rigga Sep 03 '19 at 03:46
  • Getting invalid keystore format. I tried with a JKS as well as a JCEKS keystore, but both times got the same error at the Java client side. I am using `TLS_RSA_WITH_AES_256_CBC_SHA256` as sslciphersuite/sslcipher. I used `/opt/mqm/bin/runmqckm` and Oracle Java 8 to create the keystore. – rigga Sep 03 '19 at 03:48
  • 1. `runmqckm -keydb -create -db key.jck -pw xxx -type JKS`: no issue here. 2. `runmqckm -cert -export -db /mqDir/key.kdb -pw xxx -label javaclient -target key.jck -target_pw xxx -type JKS`: An IO Exception has occurred: Invalid keystore format. The correct command to export the certificate would be `runmqckm -cert -export -db /mqDir/key.kdb -type CMS -pw xxx -label javaclient -target key.jck -target_pw xxx -target-type JKS` – rigga Sep 10 '19 at 06:21
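
A loader reports "Invalid keystore format" when the file's header does not match the store type it was told to read, as with `-type JKS` applied to the `.kdb` file in the last comment. As an added example (not from the original thread, and not IBM or Oracle code), this Python sketch reads a keystore header and reports whether a loader for a declared type would get past that check; the function names and sample byte strings are constructed for illustration, and the PKCS12 test is a first-byte heuristic.

```python
import struct
import sys

JKS_MAGIC = 0xFEEDFEED      # first 4 bytes of a JKS file
JCEKS_MAGIC = 0xCECECECE    # first 4 bytes of a JCEKS file

# On-disk formats that pass the header check for each declared store type.
# In Java 8 the JCEKS loader also reads JKS-format files; the JKS loader
# rejects JCEKS files.
ACCEPTS = {"JKS": {"JKS"}, "JCEKS": {"JCEKS", "JKS"}, "PKCS12": {"PKCS12"}}

# Constructed sample headers (not real keystores): magic, version, entry count.
SAMPLES = {
    "jks": struct.pack(">III", JKS_MAGIC, 2, 0),
    "jceks": struct.pack(">III", JCEKS_MAGIC, 2, 0),
    "p12": bytes.fromhex("30820a10020103"),
    "other": b"\x00\x01constructed-non-java-store",
}


def sniff_keystore(data: bytes) -> str:
    """Return the format suggested by the first bytes of a keystore file."""
    if len(data) >= 8:
        magic, version = struct.unpack(">II", data[:8])
        if version in (1, 2):
            if magic == JKS_MAGIC:
                return "JKS"
            if magic == JCEKS_MAGIC:
                return "JCEKS"
    if data[:1] == b"\x30":
        return "PKCS12"     # DER SEQUENCE tag: heuristic for .p12/.pfx
    return "UNKNOWN"        # anything else, e.g. a store that Java cannot read


def loads_as(data: bytes, declared: str) -> bool:
    """True if a loader for `declared` would accept this file's header."""
    return sniff_keystore(data) in ACCEPTS.get(declared.upper(), set())


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script <keystore file> <declared type, e.g. JKS>
    with open(sys.argv[1], "rb") as fh:
        head = fh.read(16)
    print(sniff_keystore(head), loads_as(head, sys.argv[2]))
```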
