[英]Can't connect to WebSphereMQ SSL channel
This being an SSL connection, I'd expect to be able to use openssl s_client -connect localhost:1414
to check if it works at all.这是一个 SSL 连接,我希望能够使用
openssl s_client -connect localhost:1414
来检查它是否有效。 However I just get:但是我只是得到:
CONNECTED(00000003)
140512696194912:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Which sounds to me like there's no one speaking SSL on the port.在我看来,端口上没有人说 SSL。 What am I missing?
我错过了什么?
See below for output of DISPLAY LISTENER(*) ALL
, DISPLAY QMGR
and DISPLAY CHANNEL(*) ALL
:请参阅下面的
DISPLAY LISTENER(*) ALL
、 DISPLAY QMGR
和DISPLAY CHANNEL(*) ALL
:
DISPLAY LISTENER(*) ALL
4 : DISPLAY LISTENER(*) ALL
AMQ8630: Display listener information details.
LISTENER(ADEP.DEV.LISTENER) CONTROL(QMGR)
TRPTYPE(TCP) PORT(1414)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2017-01-17)
ALTTIME(12.00.31)
AMQ8630: Display listener information details.
LISTENER(SYSTEM.DEFAULT.LISTENER.TCP) CONTROL(MANUAL)
TRPTYPE(TCP) PORT(0)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(2017-01-17)
ALTTIME(12.00.31)
DISPLAY QMGR
1 : DISPLAY QMGR
AMQ8408: Display Queue Manager details.
QMNAME(MYQMGR) ACCTCONO(DISABLED)
ACCTINT(1800) ACCTMQI(OFF)
ACCTQ(OFF) ACTIVREC(MSG)
ACTVCONO(DISABLED) ACTVTRC(OFF)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
AUTHOREV(DISABLED) CCSID(1208)
CERTLABL(ibmwebspheremqfoo) CERTVPOL(ANY)
CHAD(DISABLED) CHADEV(DISABLED)
CHADEXIT( ) CHLEV(DISABLED)
CHLAUTH(DISABLED) CLWLDATA( )
CLWLEXIT( ) CLWLLEN(100)
CLWLMRUC(999999999) CLWLUSEQ(LOCAL)
CMDEV(DISABLED) CMDLEVEL(800)
COMMANDQ(SYSTEM.ADMIN.COMMAND.QUEUE) CONFIGEV(DISABLED)
CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
CRDATE(2017-01-17) CRTIME(12.00.30)
CUSTOM( ) DEADQ(DLQ)
DEFCLXQ(SCTQ) DEFXMITQ( )
DESCR( ) DISTL(YES)
INHIBTEV(DISABLED) IPADDRV(IPV4)
LOCALEV(DISABLED) LOGGEREV(DISABLED)
MARKINT(5000) MAXHANDS(256)
MAXMSGL(4194304) MAXPROPL(NOLIMIT)
MAXPRTY(9) MAXUMSGS(10000)
MONACLS(QMGR) MONCHL(OFF)
MONQ(OFF) PARENT( )
PERFMEV(DISABLED) PLATFORM(UNIX)
PSMODE(ENABLED) PSCLUS(ENABLED)
PSNPMSG(DISCARD) PSNPRES(NORMAL)
PSRTYCNT(5) PSSYNCPT(IFPER)
QMID(MYQMGR_2017-01-17_12.00.30) REMOTEEV(DISABLED)
REPOS( ) REPOSNL( )
REVDNS(ENABLED) ROUTEREC(MSG)
SCHINIT(QMGR) SCMDSERV(QMGR)
SPLCAP(ENABLED) SSLCRLNL( )
SSLCRYP( ) SSLEV(DISABLED)
SSLFIPS(NO)
SSLKEYR(/var/mqm/qmgrs/MYQMGR/ssl/key)
SSLRKEYC(0) STATACLS(QMGR)
STATCHL(OFF) STATINT(1800)
STATMQI(OFF) STATQ(OFF)
STRSTPEV(ENABLED) SUITEB(NONE)
SYNCPT TREELIFE(1800)
TRIGINT(999999999) VERSION(08000004)
XRCAP(YES)
DISPLAY CHANNEL(*) ALL
2 : DISPLAY CHANNEL(*) ALL
AMQ8414: Display Channel details.
CHANNEL(FOO) CHLTYPE(SVRCONN)
ALTDATE(2017-01-18) ALTTIME(02.36.46)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE)
DESCR(Channel to Put and Get from AL)
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-18) ALTTIME(02.39.40)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(OPTIONAL)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
SSLPEER( ) TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.AUTO.RECEIVER) CHLTYPE(RCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
DESCR(Auto-defined by) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
MRDATA( ) MREXIT( )
MRRTY(10) MRTMR(1000)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.AUTO.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR(Auto-defined by)
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLUSRCVR) CHLTYPE(CLUSRCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) CLUSNL( )
CLUSTER( ) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME( ) CONVERT(NO)
DESCR( ) DISCINT(6000)
HBINT(300) KAINT(AUTO)
LOCLADDR( ) LONGRTY(999999999)
LONGTMR(1200) MAXMSGL(4194304)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLUSSDR) CHLTYPE(CLUSSDR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER( )
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.RECEIVER) CHLTYPE(RCVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
DESCR( ) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
MRDATA( ) MREXIT( )
MRRTY(10) MRTMR(1000)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TRPTYPE(TCP) USEDLQ(YES)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.REQUESTER) CHLTYPE(RQSTR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHSZ(50) CERTLABL( )
COMPHDR(NONE) COMPMSG(NONE)
CONNAME( ) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MCANAME( ) MCATYPE(PROCESS)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NPMSPEED(FAST)
PASSWORD( ) PUTAUT(DEF)
RCVDATA( ) RCVEXIT( )
RESETSEQ(NO) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SEQWRAP(999999999)
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SENDER) CHLTYPE(SDR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(PROCESS) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
XMITQ( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SERVER) CHLTYPE(SVR)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(PROCESS) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
USERID( ) XMITQ( )
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.SVRCONN) CHLTYPE(SVRCONN)
ALTDATE(2017-01-17) ALTTIME(12.00.31)
CERTLABL( ) COMPHDR(NONE)
COMPMSG(NONE) DESCR( )
DISCINT(0) HBINT(300)
KAINT(AUTO) MAXINST(999999999)
MAXINSTC(999999999) MAXMSGL(4194304)
MCAUSER( ) MONCHL(QMGR)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SHARECNV(10) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
TRPTYPE(TCP)
AMQ8414: Display Channel details.
CHANNEL(SYSTEM.DEF.CLNTCONN) CHLTYPE(CLNTCONN)
AFFINITY(PREFERRED) ALTDATE(2017-01-17)
ALTTIME(12.00.31) CERTLABL( )
CLNTWGHT(0) COMPHDR(NONE)
COMPMSG(NONE) CONNAME( )
DEFRECON(NO) DESCR( )
HBINT(300) KAINT(AUTO)
LOCLADDR( ) MAXMSGL(4194304)
MODENAME( ) PASSWORD( )
QMNAME( ) RCVDATA( )
RCVEXIT( ) SCYDATA( )
SCYEXIT( ) SENDDATA( )
SENDEXIT( ) SHARECNV(10)
SSLCIPH( ) SSLPEER( )
TPNAME( ) TRPTYPE(TCP)
USERID( )
Does the CERTLABL
value ibmwebspheremqfoo
match the label of the cert in the key.kdb
file? CERTLABL
值ibmwebspheremqfoo
是否与key.kdb
文件中的证书标签匹配? If it does not then then update the CERTLABL value to match or rename the cert label in the key.kdb to match.如果没有,则更新 CERTLABL 值以匹配或重命名 key.kdb 中的证书标签以匹配。
Does the key.kdb
file contain the full chain of issuing certs (ex: root and intermediate)? key.kdb
文件是否包含完整的颁发证书链(例如:root 和中级证书)? If it does not make sure the full chain is included in the key.kdb.如果它不能确保完整的链包含在 key.kdb 中。 Make sure you issue the command
REFRESH SECURITY TYPE(SSL)
following any updates to the key.kdb, this will force MQ to re-read the file.确保在对 key.kdb 进行任何更新后发出
REFRESH SECURITY TYPE(SSL)
命令,这将强制 MQ 重新读取文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.