我汇报了客户端与问题的SSL握手为:MQ服务器失败:AMQ9637:通道缺少证书。但是Java客户端配置为发送
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
...
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1187)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:724)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:400)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:299)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:164)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1598)
... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1156)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1151)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1149)
... 20 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
... 27 more
和MQ服务器上为:
AMQ9637: Channel is lacking a certificate.
显然,服务器没有获得(或接受?)客户端证书。这是不好的前提,问题是服务器证书。
我用:
JAVA 7 (1.7.0_75)
MQ 7.5 client libs (7.5.0.2)
MQ 8.0 server (8.0.0.5)
这里是client Java class。我尝试接受所有服务器证书,并将客户端证书发送到MQ服务器端,并在MQ信任存储区中导入相同的证书。不确定问题是否对证书名称有任何限制,正如在此处注意到的那样:http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg21245474或者证书确实没有发送到服务器端。
---编辑:---
通道是否在没有客户端身份验证的情况下工作?当队列管理器无法找到它的签署者证书时,可能会引发此错误。 –
我想将它设置为验证客户端,我在MQ通道目录下的密钥库中注册了客户端证书,但我完全不明白店铺与给定经理的关系。我猜它是由它的位置完成的。 –
我知道你想要客户端身份验证,但首先使连接无需工作。在我看来,您没有正确设置密钥库,它需要位于QM密钥存储库属性中指定的位置。你在哪里添加了队列管理器的签名证书? –