Error Accessing Socket Streams
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support
MQSeries.net Forum Index » General IBM MQ Support » SSL problem cannot recover key (error Code 2059:) help me SSL problem cannot recover key (error Code 2059:) help me « View previous topic :: View next topic » Author Message 007_pandi Posted: Mon Nov 22, 2004 5:11 am Post subject: SSL problem cannot recover key (error Code 2059:) help me NoviceJoined: 29 Jul 2002Posts: 23 Hi, my req is to implement SSL on my application. MQ Client application is running on Solaris MQ Qmgr is running on Windows xp. The following things has been done: 1. I have got the personal certificate from 3rd party ( for Qmgr Server) and Assigned it to QMgr running on Windows XP. 2. Generated self-signed certicate in solaris m/c using java keytool . (MQClient is running on Solaris). 3. Extracted publickey from the above certicate to a file and added that file to Qmgr keyrepository (QMgr is running on Windows xp). 4. Exported the server side Personal certificate (got at step 1) to a file and import it to solaris m/c using keytool and assigned to cacerts in java directory. 5.Created serverconnection channel and client connection channel in Qmgr (running on Windows xp) and copyied the channeltab file to solaris m/c . Define channel(test) chltype(svrconn) trptype(tcp) sslciph(TRIPLE_DES_SHA_US) Define channel(test) chltype(clntconn) trptype(tcp) connname(101.102.103.104) QMname(MYQM) sslciph(TRIPLE_DES_SHA_US) 6. My client java program uses MQEnvironemnt variable to connect to QMgr (running on Windows XP). Before implementing SSL, no problem in execution. But after implemented SSL, it is not able to connect to QM and throwing following error in MQ log AMQ9639: Remote channel TEST' did not specify a CipherSpec. EXPLANATION: Remote channel TEST'did not specify a CipherSpec when the local channel expected one to be specified. The channel did not start. ACTION: Change the remote channel TEST'to specify a CipherSpec so that both ends of the channel have matching CipherSpecs. Error in Telnet window : (Standalone java client app running) MQJE001: An MQException occurred: Completion Code 2, Reason 2009 MQJE016: MQ queue manager closed channel immediately during connect Closure reason = 2009 MQJE001: An MQException occurred: Completion Code 2, Reason 2009 MQJE016: MQ queue manager closed channel immediately dThis Site Careers Other all forums Forum: WebSphere MQ ssl problem in Linux Suresh Achary Greenhorn Posts: 9 posted 6 years ago Hi, I am trying to put a message into mq. MQ server is running of a Linux machine. When I run the below client program from Windows XP, I am able to successfully put the message, but when I try to run http://mqseries.net/phpBB/viewtopic.php?p=79153&sid=71473d1a0100d700d290a2535f87ae1c the java program and put the message from a Linux machine, I am getting an error as given. Please help. JDK version 1.5 MQ version 6.0.2 public static void main(String[] args) { String QMgrName= null; String QName = null; MQQueueManager qMgr = null; MQQueue q = null; int openOptions; https://coderanch.com/t/469013/Websphere/MQ-ssl-Linux try { MQEnvironment.hostname = "10.0.0.2"; MQEnvironment.channel = "SURESHCHANNEL"; MQEnvironment.port = 1414; System.setProperty("javax.net.ssl.trustStore","/home/suresh/mq/SureshTrustStore.jks"); System.setProperty("javax.net.ssl.trustStorePassword","Password1"); System.setProperty("javax.net.ssl.keyStore","/home/suresh/mq/sureshkeystore.p12"); System.setProperty("javax.net.ssl.keyStorePassword","password1"); System.setProperty("javax.net.ssl.keyStoreType","pkcs12"); System.out.println("SSL properties set"); MQEnvironment.sslCipherSuite = "SSL_SURESH"; MQEnvironment.sslPeerName = "CN=sureshtest"; MQEnvironment.userID = "suresh"; QMgrName = "SURESHQMGR"; QName = "SURESHQ"; qMgr = new MQQueueManager(QMgrName); openOptions = MQC.MQOO_INPUT_AS_Q_DEF | MQC.MQOO_INQUIRE | MQC.MQOO_OUTPUT ; if(qMgr.isConnected()) System.out.println("Successfully connected to "+QMgrName+" !"); else System.out.println("Unable to connect to "+QMgrName+" !"); q = qMgr.accessQueue(QName, openOptions, null, null, null); MQMessage myMsg = new MQMessage(); myMsg.writeString("MQ Test Message"); q.put(myMsg); System.out.println("Message put to queue"); q.close(); qMgr.disconnect(); } catch(Exception e) { e.printStackTrace(); } Error log is pasted below. Please help MQJE001: An MQException occurred: Completion Code 2, Reason 2059 MQJE013: Error accessing socket streams MQJE001: An MQException occurred: Completion Code 2, Reason 2059 MQJE013: Error accessing socket streams com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059 MQJE013: Error accessing socket streams        at com.ibm.mq.MQManagedConnectionJ11.
PROTECTED]> wrote: > Samuel, > > When the JAVA key store was created, it should've > been created with a > password. Believe or not, the default password is https://www.mail-archive.com/mqseries@listserv.meduniwien.ac.at/msg02525.html > changeit. > > As far as the javax.net.ssl.keyStore, in the JAVA > environment, https://www.mail-archive.com/mqseries@akh-wien.ac.at/msg15366.html the > keystore is where the digital certificates are > stored. > > The way I learned to work with JAVA clients with > SSL certificates is from > an excellent article from Kareem Yusuf of IBM. The > link to the article is > http://www-106.ibm.com/developerworks/websphere/techjournal/0211_yusuf/yusuf > .html. > > The title mentions JMS clients, but error accessing the same holds > true for JAVA clients. > > > HTH, > > John Dawson > WMQ Infrastructure Computing Core Systems > > Office: 972-281-4016 > E-mail: [EMAIL PROTECTED] > > -----Original Message----- > From: MQSeries List > [mailto:[EMAIL PROTECTED] On > Behalf > Of W Samuel > Sent: Thursday, May 19, 2005 7:36 AM > To: MQSERIES@LISTSERV.MEDUNIWIEN.AC.AT > Subject: Re: SSL with SVRCONN channels > > John, > > error accessing socket > I get a different error : > MQJE001: An MQException occurred: Completion Code 2, > Reason 2059 > MQJE013: Error accessing socket streams > MQJE001: Completion Code 2, Reason 2059 > null > Exception in thread "main" > java.lang.NullPointerException > at > QueueToFile.ReadQueue(QueueToFile.java:95) > at QueueToFile.main(QueueToFile.java:34) > > Can you tell me what password should be supplied for > javax.net.ssl.trustStorePassword and > javax.net.ssl.keyStorePassword ? Should these be the > same? > > Also what does javax.net.ssl.keyStore refer to? > > Thanks > Samuel > > > > > > > --- "Dawson, John" <[EMAIL PROTECTED]> > wrote: > > > Samuel, > > > > Please try: > > > > > > System.setProperty("javax.net.ssl.trustStore", > > "C:\\j2sdk1.4.2_03\\jre\\lib\\security\\cacerts") > ; > > > System.setProperty("javax.net.ssl.trustStorePassword", > > "changeit") ; > > System.setProperty("javax.net.ssl.keyStore", > > > "C:\\WMQClients\\Certificates\\PersonalCertificate01-23-2005.pfx") > > ; > > > System.setProperty("javax.net.ssl.keyStorePassword", > > "changeit") ; > > System.setProperty("javax.net.ssl.keyStoreType", > > "pkcs12"); > > > > MQEnvironment.sslCipherSuite = > > "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; > > MQEnvironment.hostname = "111.222.333.444" ; > > MQEnvironment.channel = "MQCONNX.SVRCONN"; > > MQEnvironment.port = 9999 ; > > MQEnvironment.userID = "mqmuser" ; > > > > > MQEnvironment.properties.put(MQC.TRANSPORT_PROPERTY, > > > > MQC.TRANSPORT_MQSERIES) ; > > > > > > > > HTH, > > > > John Daw
Windows NT and AIX. I have done this succesfuly with JKS format of keystore. But I am struggling with keystore of PKCS12 format. I created keystore of PKCS12 format using IBM's Ikeyman tool & imported keys from certficates( demo certificates installed in IE from GlobalSIgn). Also I used following JVM that I got from Webshphere installation. *********************************************************** java version "1.3.1" Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1) Classic VM (build 1.3.1, J2RE 1.3.1 IBM Windows 32 build cn131-20021107 (JIT enabled: jitc)) ******************************************************** After that I was able to read PKCS12 keystore with your programs (SSOKeyStore.java) With this JVM when I executed program then I got runtime error message ******************************************************** Setting up MQ environment Connecting Queue Manager java.lang.RuntimeException: Invalid keystore format at com.ibm.jsse.bb.engineInit(Unknown Source) at javax.net.ssl.TrustManagerFactory.init(Unknown Source) at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source) at com.ibm.mq.SSLHelper.createSSLSocket(SSLHelper.java:112) at com.ibm.mq.MQInternalCommunications.createSocketConnection(MQInternal Communications.java:1128) at com.ibm.mq.MQInternalCommunications.access$000(MQInternalCommunications.java:110) at com.ibm.mq.MQInternalCommunications$1.run(MQInternalCommunications.ja va:444) at java.security.AccessController.doPrivileged(Native Method) at com.ibm.mq.MQInternalCommunications.