I get an error when trying to connect to IBM MQ:
javax.net.ssl|ERROR|10|main|2024-07-11 15:28:58.816 MSK|TransportContext.java:363|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
)
My docker compose; the volume qmdata contains the created certificates:
services:
  ibmmq:
    image: 'docker.io/ibmcom/mq'
    environment:
      - LICENSE=accept
      - MQ_QMGR_NAME=QM1
      - MQ_APP_PASSWORD=qwe
      - MQ_TLS_KEYSTORE=/mnt/mqm/MQServer/certs/key.p12
      - MQ_TLS_PASSPHRASE=qwe
    ports:
      - '1414:1414'
      - '9443:9443'
    volumes:
      - ibmmq:/data/ibmmq
      - ./config.mqsc:/etc/mqm/config.mqsc
      - qmdata:/mnt/mqm
    container_name: ibmmq
volumes:
  ibmmq:
    driver: local
  qmdata:
/mnt/mqm/MQServer/certs/key.p12 contains certificates created as follows:
cd /mnt/mqm
mkdir -p MQServer/certs
cd MQServer/certs
runmqakm -keydb -create -db key.p12 -pw qwe -type pkcs12 -expire 1000 -stash
runmqakm -cert -create -db key.p12 -label ibmwebspheremqqm1 -dn "cn=qm,o=ibm,c=uk" -size 2048 -default_cert yes -stashed
runmqakm -cert -extract -db key.p12 -stashed -label ibmwebspheremqqm1 -target QM1.cert
cd ../..
mkdir -p MQClient/certs
cd MQClient/certs
runmqakm -keydb -create -db client_key.p12 -pw qwe -type pkcs12 -expire 1000
runmqakm -cert -add -label QM1.cert -db client_key.p12 -type pkcs12 -pw qwe -trust enable -file ../../MQServer/certs/QM1.cert
config.mqsc contains these commands:
ALTER CHANNEL(DEV.ADMIN.SVRCONN) CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12)
ALTER CHANNEL(DEV.ADMIN.SVRCONN) CHLTYPE(SVRCONN) SSLCAUTH(REQUIRED)
My application JMS config:
System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
factory.setObjectProperty(WMQConstants.WMQ_CONNECTION_MODE, Integer.valueOf(WMQConstants.WMQ_CM_CLIENT));
factory.setStringProperty(WMQConstants.WMQ_HOST_NAME, host);
factory.setObjectProperty(WMQConstants.WMQ_PORT, port);
factory.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, queueManager);
factory.setStringProperty(WMQConstants.WMQ_CHANNEL, channel);
factory.setStringProperty(WMQConstants.USERID, user);
factory.setStringProperty(WMQConstants.PASSWORD, password);
factory.setStringProperty(WMQConstants.WMQ_SSL_CIPHER_SUITE, "*TLS12");
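A check for the stores named by javax.net.ssl.keyStore and javax.net.ssl.trustStore, added here as an example and not part of the original post: it lists what the JVM finds in a PKCS12 file and flags a store with no private-key entry, which a channel set to SSLCAUTH(REQUIRED) requires the client to have. The class name KeyStoreCheck and the KS_PASSWORD environment variable are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not code from the post.
// Usage: KS_PASSWORD=... java KeyStoreCheck <store.p12>
// KS_PASSWORD is a hypothetical variable name chosen for this example.
public class KeyStoreCheck {

    /** Prints one line per alias; returns {privateKeyEntries, trustedCertEntries}. */
    static int[] inspect(KeyStore ks) throws Exception {
        int keyEntries = 0, trustedCerts = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            if (ks.isKeyEntry(alias)) {
                keyEntries++;
                System.out.println("key entry     " + alias + "  " + subject);
            } else if (ks.isCertificateEntry(alias)) {
                trustedCerts++;
                System.out.println("trusted cert  " + alias + "  " + subject);
            }
        }
        return new int[] { keyEntries, trustedCerts };
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KS_PASSWORD");
        if (args.length != 1 || pw == null) {
            System.err.println("usage: KS_PASSWORD=... java KeyStoreCheck <store.p12>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, pw.toCharArray());
        }
        int[] n = inspect(ks);
        // SSLCAUTH(REQUIRED): the queue manager asks the client for a certificate,
        // so the store used as javax.net.ssl.keyStore needs a private-key entry.
        if (n[0] == 0) System.out.println("No private-key entry: cannot present a client certificate.");
        // The store used as javax.net.ssl.trustStore needs the server's certificate or its issuer.
        if (n[1] == 0) System.out.println("No trusted-certificate entries: cannot validate a server certificate.");
    }
}
```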