Troubleshooting Java/JMS SSL Configurations

Technote (troubleshooting)


Problem(Abstract)

This document is intended to help diagnose WebSphere MQ V7 Java™ or JMS SSL setup errors.
It lists most of the common configuration errors that can cause an SSL connection from a Java/JMS client to a queue manager to fail, and gives the course of action to resolve the problem.

In each case the error can be diagnosed by a combination of the error seen in the client log - either a console output, trace file or SystemOut.log file - and the queue manager's error logs.

The document is quite long, so the easiest way to find the potential error is to search for one of the errors seen in this list, then filter this list using the error from the opposite end of the channel. All cases here assume that 2-way authentication is being attempted (SSLCAUTH set to REQUIRED on the queue manager's SVRCONN channel). This is the default, and the errors are very similar for 1-way authentication (SSLCAUTH set to OPTIONAL).

Symptom


Diagnosing the problem

Two sets of documentation are required:

  • SystemOut, console output or Java/JMS trace - this will show the exceptions with stack outputs as seen below
  • AMQERR*.LOG files from the queue manager install location. these will contain the AMQxxxx errors as seen below




Resolving the problem

Cause 1 Client missing personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE')

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;
AMQ9204: Connection to host localhost(1414)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;
AMQ9503: Channel negotiation failed.
[3=SYSTEM.DEF.SVRCONN]],3=localhost(1414),
5=RemoteConnection.analyseErrorSegment]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.
(WMQConnection.java:355)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;
AMQ9503: Channel negotiation failed.
[3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.analyseErrorSegment(RemoteConnection.java:4366)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.receiveTSH(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.initSess(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
Queue Manager
Error Logs
AMQ9637: Channel is lacking a certificate.
Solution Add a personal certificate to the client's keystore which has been signed by a certificate in the queue manager's key database.


Cause 2 Missing server personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR'))

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;
AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException
[Remote host closed connection during
handshake],3=localhost/127.0.0.1:1414(localhost),
4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
at com.ibm.jsse2.tc.a(tc.java:438)
at com.ibm.jsse2.tc.g(tc.java:416)
at com.ibm.jsse2.tc.a(tc.java:60)
at com.ibm.jsse2.tc.startHandshake(tc.java:381)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection$6
.run(RemoteTCPConnection.java:1005)
at java.security.AccessController.doPrivileged(AccessController.java:202)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1000)
... 11 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.ibm.jsse2.a.a(a.java:120)
at com.ibm.jsse2.tc.a(tc.java:540)
... 17 more )

Queue Manager
Error Logs
AMQ9637: Channel is lacking a certificate.
Solution Add a personal certificate to the queue manager's key database which has been signed by a certificate in the client's truststore, and which has a label of the form"ibmwebspheremqqmname."


Cause 3 Missing server signer on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR')

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;
AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[com.ibm.jsse2.util.g: PKIX path building failed :
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Some Name,
O=IBM, L=Hursley, ST=Hampshire, C=UK is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match.],3=localhost/127.0.0.1:1414
(localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection
.protocolConnect(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection
.connect(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.;internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Some Name,
O=IBM, L=Hursley, ST=Hampshire, C=UK is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match

Queue Manager
Error Logs
AMQ9665: SSL connection closed by remote end of channel '????'.
Solution Add the certificate used to sign the queue manager's personal certificate to the client's truststore.


Cause 4 Missing client signer on server
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[Software caused connection abort: socket write error],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],
3=localhost(1414),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.
(WMQConnection.java:355)
... 6 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[Software caused connection abort: socket write error],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: Software caused connection abort: socket write error


Queue Manager
Error Logs
AMQ9633: Bad SSL certificate for channel '????'.
Solution Add the certificate used to sign the queue manager's personal certificate to the client's truststore.


Cause 5 Cipher spec mismatch
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)

Queue Manager
Error Logs
AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the required CipherSpec for channel 'SYSTEM.DEF.SVRCONN'.
Solution Ensure that the cipher suite on the client matches the cipher spec on the queue manager's server connection channel.


Cause 6 No cipher enabled on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)


Queue Manager
Error Logs
AMQ9639: Remote channel 'SYSTEM.DEF.SVRCONN' did not specify a CipherSpec.
Solution Ensure that there is a cipher suite set on the client matching the cipher spec on the queue manager's server connection channel.


Cause 7 No cipher enabled on queue manager's server connection channel
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4322)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)


Queue Manager
Error Logs
AMQ9635: Channel 'SYSTEM.DEF.SVRCONN' did not specify a valid CipherSpec.
Solution Ensure that there is a cipher spec on the queue manager's server connection channel matching the cipher suite set on the client..


Cause 8 Using non-FIPS cipher, FIPS enabled on client (not on server)
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode],
3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1748)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite
SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode
at com.ibm.jsse2.q.a(q.java:84)
at com.ibm.jsse2.r.(r.java:75)
at com.ibm.jsse2.tc.setEnabledCipherSuites(tc.java:184)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1741)

Queue Manager
Error Logs
No errors seen
Solution Either disable FIPS on the client or ensure both FIPS is enabled on the server and a FIPS-enabled cipher is being used.


Cause 9 Using non_FIPS cipher, FIPS enabled on server (not on client)
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.n.a(n.java:8)


Queue Manager
Error Logs
AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
Solution Either disable FIPS on the server or ensure both FIPS is enabled on the client and a FIPS-enabled cipher is being used.


Cause 10 Using FIPS cipher, FIPS not enabled on client
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1020)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.n.a(n.java:8)

Queue Manager
Error Logs
AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
Solution Either enable FIPS on the client or ensure a non FIPS-enabled cipher is being used.


Cause 11 Using non_FIPS cipher, FIPS enabled at both ends
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed.
[1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1748)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode at com.ibm.jsse2.q.a(q.java:84)

Queue Manager
Error Logs
No errors seen..
Solution Either disable FIPS at both ends or ensure a FIPS-enabled cipher is being used.


Cause 12 Value of SSLPEER on client does not match personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2398' ('MQRC_SSL_PEER_NAME_MISMATCH').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2398;AMQ9636: SSL distinguished name does not match peer name, channel '?'.
[4=CN=Some Name, O=IBM, ST=Hampshire, C=UK]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:1071)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)

Queue Manager
Error Logs
No errors seen
Solution Ensure the value of SSLPEER matches the distinguished name of the personal certificate.


Cause 13 Value of SSLPEER on server does not match personal certificate
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9643: Remote SSL peer name error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN]
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment
(RemoteConnection.java:4330)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH
(RemoteConnection.java:2902)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess
(RemoteConnection.java:1440)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1115)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)


Queue Manager
Error Logs
AMQ9636: SSL distinguished name does not match peer name, channel 'SYSTEM.DEF.SVRCONN'.
Solution Ensure the value of SSLPEER matches the distinguished name of the personal certificate.


Cause 14 Listener not running on server
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager.

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9213: A communications error for occurred. [1=java.net.ConnectException[Connection refused: connect],3=localhost]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:663)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)


Queue Manager
Error Logs
No errors seen
Solution Start the listener on the queue manager.


Cause 15 Can not find client keystore
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected.
[1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]], 3=localhost(1414),5=RemoteTCPConnection.makeSocketSecure]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:2010)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1227)
at com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:355)
... 6 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: C:\keystore\wrongfile.jks

Queue Manager
Error Logs
No errors seen
Solution Specify the correct name and location for the client keystore.


Cause 16 Client keystore password incorrect
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect

Queue Manager
Error Logs
No errors seen
Solution Specify the correct password for the client keystore.


Cause 17 Can not find client truststore
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection
(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.lang.Exception: Truststore file does not exist: C:\keystore\wrongfile.jks


Queue Manager
Error Logs
No errors seen..
Solution Specify the correct name and location for the client truststore.



Cause 18 Client truststore password incorrect
SystemOut.log or Console Output JMSWMQ0018: Failed to connect to queue manager

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').

Stack includes:
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed.
[1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1706)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress
(RemoteTCPConnection.java:674)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect
(RemoteTCPConnection.java:991)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect
(RemoteConnection.java:1112)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool
.getConnection(RemoteConnectionPool.java:350)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect
(RemoteFAP.java:1599)
... 8 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket
(SSLSocketFactory.java:1)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1699)
... 13 more
Caused by: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found:
at java.security.Provider$Service.newInstance(Provider.java:894)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:299)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:237)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory
(RemoteTCPConnection.java:2158)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure
(RemoteTCPConnection.java:1689)
... 13 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at com.ibm.crypto.provider.JavaKeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:414)
at com.ibm.jsse2.uc.a(uc.java:54)
at com.ibm.jsse2.lc.f(lc.java:12)
at com.ibm.jsse2.lc.(lc.java:16)
at java.lang.J9VMInternals.newInstanceImpl(Native Method)
at java.lang.Class.newInstance(Class.java:1345)
at java.security.Provider$Service.newInstance(Provider.java:880)
... 20 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed


Queue Manager
Error Logs
No errors seen.
Solution Specify the correct password for the client truststore.




Cross reference information
Segment Product Component Platform Version Edition
Business Integration WebSphere MQ Security

Product Alias/Synonym

WMQ MQ

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere MQ
SSL

Software version:

7.0, 7.0.1, 7.1, 7.5

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1614686

Modified date:

2013-02-21

Translate my page

Machine Translation

Content navigation