I use WebSphereMQ v7.1 and HermesJMS v1.14 SoapUI. I set up everything to connect these apps without SSL and they work fine. The problem is, when I try to connect to SSL. I set at parameters:
SSLCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA channel, hostname, port, queueManager, transportType: 1
And I trustStore and keystore in hermes.bat Added. In WMQ I have set up: TRIPLE_DES_SHA_US on this page-on-channel> I see that I know CipherSpec and CipherSuite match right.
What's wrong?
Update
down error Hermes
because: com.ibm.mq.jmqi.JmqiException: Cc = 2; RC = 2397; AMQ9641: Remote CipherSpec error for channel 'CHANNEL1' [3 = CHANNEL1] com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment (RemoteConnection.java:4322) on com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH (on RemoteConnection Java 2902) in com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess (RemoteConnection.java:1440) on com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection Java : 1115) com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) on com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect (on RemoteFAP.java: 1599 )
> I know that the solution to this problem - on this page:
Make sure that you set on the client matches a cipher suite Qi Management Server connection cipher space channel.
But as I mentioned before, I have correctly matched cipherspec and ciphersuit.
What are you using an Oracle JRE / JDK? I had only one issue and written about it here:
The easiest solution is to use IBM's JRE / JDK.
You need to use a jks key store and therefore you need to provide a password. the correct way to provide a trust store (key store is similar) is on the Java system options. So in hermes.bat edit the invocation line to look something similar to the following:
ReplyDeletestart "HermesJMS" "%JAVA_HOME%\bin\javaw" -XX:NewSize=256m -Xmx1024m -Dhermes.home="%HERMES_HOME%" %HERMES_OPTS% -Djavax.net.ssl.trustStore=C:\ssl\keyStore.jks -Djavax.net.ssl.trustStorePassword=password ......
Hope that helps.