我的 SSL 握手问题在客户端报告为:
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
...
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1187)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:724)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:400)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:299)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:164)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1598)
... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1156)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1151)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1149)
... 20 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
... 27 more
在 MQ 服务器上为:
AMQ9637: Channel is lacking a certificate.
很明显,服务器没有获取(或接受?)客户端证书。这是一个糟糕的前提,问题出在服务器证书上。
我使用:
JAVA 7 (1.7.0_75)
MQ 7.5 client libs (7.5.0.2)
MQ 8.0 server (8.0.0.5)
这里是client Java class 。我尝试接受所有服务器证书,并将客户端证书发送到 MQ 服务器端,并将相同的证书导入到 MQ 信任存储中。不确定问题是否是对证书名称的任何限制,如下所示:http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg21245474或者如果证书确实没有发送到服务器端。
---编辑:---
这是我的 SSL QMGR 和 CNL 配置屏幕:
最佳答案
首先,我使用自己的标签创建证书,但与默认生成的证书不同:
MQMGR->Properties->SSL->Certificate Label
这是 ibmwebspheremq<qmgr_name_lower_case> ,当我重新创建指定相同名称的证书时:
runmqakm -cert -create -label ibmwebspheremqqm_qmname -stashed -dn "CN=corp.com,OU=DEV,OU=QMGR,O=CORP,L=member,ST=NC,C=US,<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="80c5cdc1c9ccbdeee1ede5aef3f5f2eee1ede5c0e3eff2f0aee3efed" rel="noreferrer noopener nofollow">[email protected]</a>" -fips -db key.kdb -ca false
它开始与服务器通信。
编辑:另请参阅this .
关于java - MQ 服务器失败 : AMQ9637: Channel is lacking a certificate. 但 Java 客户端已配置为发送它,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39920793/