无法连接到 WebSphereMQ SSL 通道
[英]Can't connect to WebSphereMQ SSL channel
问题描述
- MQ8.
MQ8。 I created two channels, FOO and SYSTEM.ADMIN.SVRCONN in a new queue manager MYQMGR.我在新的队列管理器 MYQMGR 中创建了两个通道,FOO 和 SYSTEM.ADMIN.SVRCONN。 - I created a TCP listener on port 1414.我在端口 1414 上创建了一个 TCP 侦听器。
- I created a kdb and associated files in /var/mqm/qmgrs/MYQMGR/ssl, with a server certificate for the qmgr.我在 /var/mqm/qmgrs/MYQMGR/ssl 中创建了一个 kdb 和相关文件,并带有 qmgr 的服务器证书。
- I checked SSLKEYR on the qmgr is set to the right value: /var/mqm/qmgrs/MYQMGR/ssl/key in my case.我检查了 qmgr 上的 SSLKEYR 设置为正确的值:/var/mqm/qmgrs/MYQMGR/ssl/key 在我的情况下。
- I set SSLCIPH on both channels to TLS_RSA_WITH_AES_128_CBC_SHA256.我将两个通道上的 SSLCIPH 设置为 TLS_RSA_WITH_AES_128_CBC_SHA256。
- I stopped and started the queue manager.我停止并启动了队列管理器。
This being an SSL connection, I'd expect to be able to use openssl s_client -connect localhost:1414 to check if it works at all.这是一个 SSL 连接,我希望能够使用openssl s_client -connect localhost:1414来检查它是否有效。 However I just get:但是我只是得到:
CONNECTED(00000003)
140512696194912:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Which sounds to me like there's no one speaking SSL on the port.在我看来,端口上没有人说 SSL。 What am I missing?我错过了什么?
See below for output of DISPLAY LISTENER(*) ALL , DISPLAY QMGR and DISPLAY CHANNEL(*) ALL :请参阅下面的DISPLAY LISTENER(*) ALL 、 DISPLAY QMGR和DISPLAY CHANNEL(*) ALL :
DISPLAY LISTENER(*) ALL
4 : DISPLAY LISTENER(*) ALL
AMQ8630: Display listener information details.
LISTENER(ADEP.DEV.LISTENER) CONTROL(QMGR)
TRPTYPE(TCP) PORT(1414)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2017-01-17)
ALTTIME(12.00.31)
AMQ8630: Display listener information details.
LISTENER(SYSTEM.DEFAULT.LISTENER.TCP) CONTROL(MANUAL)
TRPTYPE(TCP) PORT(0)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2017-01-17)
ALTTIME(12.00.31)
DISPLAY QMGR
1 : DISPLAY QMGR
AMQ8408: Display Queue Manager details.
QMNAME(MYQMGR) ACCTCONO(DISABLED)
ACCTINT(1800) ACCTMQI(OFF)
ACCTQ(OFF) ACTIVREC(MSG)
ACTVCONO(DISABLED) ACTVTRC(OFF)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
AUTHOREV(DISABLED) CCSID(1208)
CERTLABL(ibmwebspheremqfoo) CERTVPOL(ANY)
CHAD(DISABLED) CHADEV(DISABLED)
CHADEXIT( ) CHLEV(DISABLED)
CHLAUTH(DISABLED) CLWLDATA( )
CLWLEXIT( ) CLWLLEN(100)
CLWLMRUC(999999999) CLWLUSEQ(LOCAL)
CMDEV(DISABLED) CMDLEVEL(800)
COMMANDQ(SYSTEM.ADMIN.COMMAND.QUEUE) CONFIGEV(DISABLED)
CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
CRDATE(2017-01-17) CRTIME(12.00.30)
CUSTOM( ) DEADQ(DLQ)
DEFCLXQ(SCTQ) DEFXMITQ( )
DESCR( ) DISTL(YES)
INHIBTEV(DISABLED) IPADDRV(IPV4)
LOCALEV(DISABLED) LOGGEREV(DISABLED)
MARKINT(5000) MAXHANDS(256)
MAXMSGL(4194304) MAXPROPL(NOLIMIT)
MAXPRTY(9) MAXUMSGS(10000)
MONACLS(QMGR) MONCHL(OFF)
MONQ(OFF) PARENT( )
PERFMEV(DISABLED) PLATFORM(UNIX)
PSMODE(ENABLED) PSCLUS(ENABLED)
PSNPMSG(DISCARD) PSNPRES(NORMAL)
PSRTYCNT(5) PSSYNCPT(IFPER)
QMID(MYQMGR_2017-01-17_12.00.30) REMOTEEV(DISABLED)
REPOS( ) REPOSNL( )
REVDNS(ENABLED) ROUTEREC(MSG)
SCHINIT(QMGR) SCMDSERV(QMGR)
SPLCAP(ENABLED) SSLCRLNL( )
SSLCRYP( ) SSLEV(DISABLED)
SSLFIPS(NO)
SSLKEYR(/var/mqm/qmgrs/MYQMGR/ssl/key)
SSLRKEYC(0) STATACLS(QMGR)
STATCHL(OFF) STATINT(1800)
STATMQI(OFF) STATQ(OFF)
STRSTPEV(ENABLED) SUITEB(NONE)
SYNCPT TREELIFE(1800)
TRIGINT(999999999) VERSION(08000004)
XRCAP(YES)
DISPLAY CHANNEL(*) ALL
2 : DISPLAY CHANNEL(*) ALL
AMQ8414: Display Channel details.
CHANNEL(FOO) CHLTYPE(SVRCONN)
ALTDATE(2017-01-18) ALTTIME(02.36.46)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE)
DESCR(Channel to Put and Get from AL)
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-18) ALTTIME(02.39.40)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.AUTO.RECEIVER) CHLTYPE(RCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
DESCR(Auto-defined by) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
MRDATA( ) MREXIT( )
MRRTY(10) MRTMR(1000)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.AUTO.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR(Auto-defined by)
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLUSRCVR) CHLTYPE(CLUSRCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) CLUSNL( )
CLUSTER( ) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME( ) CONVERT(NO)
DESCR( ) DISCINT(6000)
HBINT(300) KAINT(AUTO)
LOCLADDR( ) LONGRTY(999999999)
LONGTMR(1200) MAXMSGL(4194304)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLUSSDR) CHLTYPE(CLUSSDR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER( )
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.RECEIVER) CHLTYPE(RCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
DESCR( ) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
MRDATA( ) MREXIT( )
MRRTY(10) MRTMR(1000)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.REQUESTER) CHLTYPE(RQSTR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
CONNAME( ) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MCANAME( ) MCATYPE(PROCESS)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NPMSPEED(FAST)
PASSWORD( ) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SENDER) CHLTYPE(SDR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(PROCESS) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
XMITQ( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SERVER) CHLTYPE(SVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(PROCESS) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
USERID( ) XMITQ( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLNTCONN) CHLTYPE(CLNTCONN)
AFFINITY(PREFERRED) ALTDATE(2017-01-17)
ALTTIME(12.00.31) CERTLABL( )
CLNTWGHT(0) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
DEFRECON(NO) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME( ) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCIPH( ) SSLPEER( )
TPNAME( ) TRPTYPE(TCP)
USERID( )
1 个解决方案
解决方案1
1 已采纳 2017-01-18 05:11:48
Does the CERTLABL value ibmwebspheremqfoo match the label of the cert in the key.kdb file? CERTLABL值ibmwebspheremqfoo是否与key.kdb文件中的证书标签匹配? If it does not then then update the CERTLABL value to match or rename the cert label in the key.kdb to match.如果没有,则更新 CERTLABL 值以匹配或重命名 key.kdb 中的证书标签以匹配。
Does the key.kdb file contain the full chain of issuing certs (ex: root and intermediate)? key.kdb文件是否包含完整的颁发证书链(例如:root 和中级证书)? If it does not make sure the full chain is included in the key.kdb.如果它不能确保完整的链包含在 key.kdb 中。 Make sure you issue the command REFRESH SECURITY TYPE(SSL) following any updates to the key.kdb, this will force MQ to re-read the file.确保在对 key.kdb 进行任何更新后发出REFRESH SECURITY TYPE(SSL)命令,这将强制 MQ 重新读取文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Joomla无法连接到启用SSL的数据库 - Joomla can't connect to SSL enabled database
无法连接到SSL LDAP服务器 - Can't connect to an SSL LDAP server
无法使用cqlsh通过SSL连接到Cassandra - Can't connect to Cassandra with SSL using cqlsh
无法通过 SSL 连接到代理 - Can't connect to broker over SSL
无法通过 ssl 连接到 mqtt 代理 - can't connect to mqtt broker via ssl
无法从Freenode频道删除对SSL的要求 - Can't remove requirement for SSL from Freenode channel
Python SSL客户端无法使用SSL连接到socketserver - Python ssl client can't connect to socketserver with ssl
无法使用ssl与PDO连接,但使用ssl的mysqli可以正常工作 - Can't connect with PDO using ssl but mysqli with ssl works
winldap无法使用ssl连接到openldap - winldap can't connect to openldap with ssl
设置tomcat + ssl失败..无法连接到SSL通道? - Setting up tomcat + ssl failed.. cannot connect to SSL channel?
相关标签