Tuesday, 15 January 2013

ssl - WebSphereMQ with HermesJMS -


I use WebSphereMQ v7.1 and HermesJMS v1.14 SoapUI. I set up everything to connect these apps without SSL and they work fine. The problem is, when I try to connect to SSL. I set at parameters:

  SSLCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA channel, hostname, port, queueManager, transportType: 1  

And I trustStore and keystore in hermes.bat Added. In WMQ I have set up: TRIPLE_DES_SHA_US on this page-on-channel> I see that I know CipherSpec and CipherSuite match right.

What's wrong?

Update

down error Hermes

  because: com.ibm.mq.jmqi.JmqiException: Cc = 2; RC = 2397; AMQ9641: Remote CipherSpec error for channel 'CHANNEL1' [3 = CHANNEL1] com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment (RemoteConnection.java:4322) on com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH (on RemoteConnection Java 2902) in com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess (RemoteConnection.java:1440) on com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection Java : 1115) com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) on com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect (on RemoteFAP.java: 1599 )  

> I know that the solution to this problem - on this page:

Make sure that you set on the client matches a cipher suite Qi Management Server connection cipher space channel.

But as I mentioned before, I have correctly matched cipherspec and ciphersuit.

What are you using an Oracle JRE / JDK? I had only one issue and written about it here:

The easiest solution is to use IBM's JRE / JDK.


1 comment:

  1. You need to use a jks key store and therefore you need to provide a password. the correct way to provide a trust store (key store is similar) is on the Java system options. So in hermes.bat edit the invocation line to look something similar to the following:

    start "HermesJMS" "%JAVA_HOME%\bin\javaw" -XX:NewSize=256m -Xmx1024m -Dhermes.home="%HERMES_HOME%" %HERMES_OPTS% -Djavax.net.ssl.trustStore=C:\ssl\keyStore.jks -Djavax.net.ssl.trustStorePassword=password ......

    Hope that helps.

    ReplyDelete