Connecting to IBM MQ with TLS


I get an error when trying to connect to IBM MQ:

javax.net.ssl|ERROR|10|main|2024-07-11 15:28:58.816 MSK|TransportContext.java:363|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
)

My docker compose; the volume qmdata contains the created certificates:

services:
  ibmmq:
    image: 'docker.io/ibmcom/mq'
    environment:
      - LICENSE=accept
      - MQ_QMGR_NAME=QM1
      - MQ_APP_PASSWORD=qwe
      - MQ_TLS_KEYSTORE=/mnt/mqm/MQServer/certs/key.p12
      - MQ_TLS_PASSPHRASE=qwe
    ports:
      - '1414:1414'
      - '9443:9443'
    volumes:
      - ibmmq:/data/ibmmq
      - ./config.mqsc:/etc/mqm/config.mqsc
      - qmdata:/mnt/mqm
    container_name: ibmmq

volumes:
  ibmmq:
    driver: local
  qmdata:

/mnt/mqm/MQServer/certs/key.p12 contains certificates created as follows:

cd /mnt/mqm
mkdir -p MQServer/certs
cd MQServer/certs
runmqakm -keydb -create -db key.p12 -pw qwe -type pkcs12 -expire 1000 -stash
runmqakm -cert -create -db key.p12 -label ibmwebspheremqqm1 -dn "cn=qm,o=ibm,c=uk" -size 2048 -default_cert yes -stashed
runmqakm -cert -extract -db key.p12 -stashed -label ibmwebspheremqqm1 -target QM1.cert

cd ../..
mkdir -p MQClient/certs
cd MQClient/certs
runmqakm -keydb -create -db client_key.p12 -pw qwe -type pkcs12 -expire 1000
runmqakm -cert -add -label QM1.cert -db client_key.p12 -type pkcs12 -pw qwe -trust enable -file ../../MQServer/certs/QM1.cert

config.mqsc contains these commands:

ALTER CHANNEL(DEV.ADMIN.SVRCONN) CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12)
ALTER CHANNEL(DEV.ADMIN.SVRCONN) CHLTYPE(SVRCONN) SSLCAUTH(REQUIRED)

My application JMS config:

        System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
        factory.setObjectProperty(WMQConstants.WMQ_CONNECTION_MODE, Integer.valueOf(WMQConstants.WMQ_CM_CLIENT));
        factory.setStringProperty(WMQConstants.WMQ_HOST_NAME, host);
        factory.setObjectProperty(WMQConstants.WMQ_PORT, port);
        factory.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, queueManager);
        factory.setStringProperty(WMQConstants.WMQ_CHANNEL, channel);
        factory.setStringProperty(WMQConstants.USERID, user);
        factory.setStringProperty(WMQConstants.PASSWORD, password);
        factory.setStringProperty(WMQConstants.WMQ_SSL_CIPHER_SUITE, "*TLS12");
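A check that can be run against the two stores the JMS configuration above points at, as an added example that is not part of the original post. The channel is set to SSLCAUTH(REQUIRED), so the queue manager asks the client for a certificate, and a JSSE client takes that certificate from a private-key entry in javax.net.ssl.keyStore. The class name StoreCheck and its command-line arguments are assumptions; it needs Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): lists what Java can see in each store.
// Usage: java StoreCheck <keyStore> <keyStorePw> <trustStore> <trustStorePw>
public class StoreCheck {

    // Returns {private-key entries, trusted-certificate entries} and prints every alias.
    static int[] summarise(String role, String path, char[] password) throws Exception {
        // Java 9+: detects the store type (PKCS12, JKS) and loads it in one call.
        KeyStore ks = KeyStore.getInstance(new File(path), password);
        int keys = 0, trusted = 0;
        System.out.println(role + ": " + path + " (" + ks.getType() + ")");
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keys++;
            else if (ks.isCertificateEntry(alias)) trusted++;
            Certificate cert = ks.getCertificate(alias);
            String subject = cert instanceof X509Certificate
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName() : "?";
            System.out.println("  " + (isKey ? "key    " : "trusted") + "  " + alias + "  " + subject);
        }
        return new int[] {keys, trusted};
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: StoreCheck <keyStore> <keyStorePw> <trustStore> <trustStorePw>");
            System.exit(2);
        }
        int[] ks = summarise("keyStore", args[0], args[1].toCharArray());
        int[] ts = summarise("trustStore", args[2], args[3].toCharArray());
        boolean ok = true;
        if (ks[0] == 0) {   // nothing to present when the server requests a client certificate
            System.out.println("FINDING: keyStore has no private-key entry (channel uses SSLCAUTH(REQUIRED))");
            ok = false;
        }
        if (ts[1] == 0) {   // no trusted-certificate entry to validate the queue manager's certificate
            System.out.println("FINDING: trustStore has no trusted-certificate entry visible to Java");
            ok = false;
        }
        System.exit(ok ? 0 : 1);
    }
}
```

For mutual TLS the queue manager's key database must in turn trust the client's certificate, which this client-side check does not cover.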
