com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'xxx' with connection mode 'yyy' and host name 'zzz'
JMS app requires seven parameters to make successful SSL connection with MQ series given here, https://github.com/ibm-messaging/mq-tls-ssl-wizard/blob/master/com.ibm.mq.ssl-wizard/src/tlswizard/samples/SSLSampleJMS.java
I am trying to interpret these parameters,
Conname- the connection name of the server queue manager in the same format as the CONNAME parameter on the MQSC DEFINE CHANNEL command, but without the port specified.
- I guess this is host name
Port - the connection port of the server queue manager.
- This is port number
SvrconnChannelName - the name of the server connection channel on the server queue manager with which the sample program will try to connect.
QMgrName - the name of the server queue manager.
SSLCiph - the SSL CipherSpec.
- I am using SSL_RSA_WITH_AES_256_CBC_SHA.
SSLKeyr - the name of a single store, which is both the keystore and truststore.
I generated myjksfile.jks using mycertfile.cert using mypassword with below command and provided path of this file in program as "C:\Users\abc\myjksfile.jks",- keytool -import -trustcacerts -keystore myjksfile.jks -storepass changeit -noprompt -alias ibmWebSphereMQUTQX -file C:\mqlib\mycertfile.cert
SSLKeyrPassword - the SSL key repository password the password which I used to generate myjksfile.jks file
Running above program with these seven parameters results this exception,
com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to
queue manager 'XXXX' with connection mode 'Client' and host name
'xxxx.yyyyyy.com(XXXXX)'.Check the queue manager is started and if running in
client mode, check there is a listener running. Please see the linked
exception for more information. at
com.ibm.msg.client.wmq.common.internal.Reason.reasonToException
(Reason.java:580) at
com.ibm.msg.client.wmq.common.internal.Reason.createException
(Reason.java:216) at com.ibm.msg.client.wmq.internal.WMQConnection.<init>
(WMQConnection.java:431) at
com.ibm.msg.client.wmq.factories.WMQConnectionFactory.
createV7ProviderConnection(WMQConnectionFactory.java:6789) at
com.ibm.msg.client.wmq.factories.WMQConnectionFactory.
createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.
createConnection(JmsConnectionFactoryImpl.java:285)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection
(MQConnectionFactory.java:6126) at
com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection
(MQQueueConnectionFactory.java:115) at
SSLSampleJMS.runSample(SSLSampleJMS.java:176)
at SSLSampleJMS.main(SSLSampleJMS.java:135)
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with
compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException
(Reason.java:204)... 8 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to
host 'xxxx.yyyyyy.com(XXXXX)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Cannot support
SSL_RSA_WITH_AES_256_CBC_SHA with currently installed
providers],3=xxxx.yyyyyy.com/XX.XXX.XXX.XXX:XXXXX (xxxx.yyyyyy.com),4=SSLSocket.createSocket,5=default]],3=xxxx.yyyyyy.com(XXXXX),5=RemoteTCPConnection.makeSocketSecure]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 7 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake
failed. [1=java.lang.IllegalArgumentException[Cannot support
SSL_RSA_WITH_AES_256_CBC_SHA with currently installed
providers],3=xxxx.yyyyyy.com/XX.XXX.XXX.XXX:XXXXX
(xxxx.yyyyyy.com),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:2001) at com.ibm.mq.jmqi.remote.impl.
RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:855)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1262) at
com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect
(RemoteConnection.java:714) at
com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.
getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.
getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.
getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 9 more
Caused by: java.lang.IllegalArgumentException: Cannot support
SSL_RSA_WITH_AES_256_CBC_SHA with currently installed providers
at com.ibm.jsse2.o.<init>(o.java:29)
at com.ibm.jsse2.as.setEnabledCipherSuites(as.java:5)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1994)
... 16 more
Process finished with exit code 0
Answer
Above exception was cause of using wrong cipher suite on JMS clint side. I was using SSL_RSA_WITH_AES_256_CBC_SHA cipher suite on client side and was getting "java.lang.IllegalArgumentException[Cannot support
SSL_RSA_WITH_AES_256_CBC_SHA with currently installed
providers." Using correct cipher suite (TLS_RSA_WITH_AES_256_CBC_SHA) at JMS client side made handshake successful between JMS client and MQ series.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840