使用 SSL 从 Java 连接到 MQ 失败,并出现错误 MQJE001:完成代码“2”,原因“2397”

问题描述 投票:0回答:1

Java 程序使用 SSL 连接到 MQ 服务器并向 MQ 发送消息。上周还可以用,现在不行了。以下是客户端的错误堆栈跟踪:

com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'.
        at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:251)
        at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:449)
        at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:486)
        at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:97)
        at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:194)
        at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:870)
        at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:818)
        at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:760)
        at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:200)
        at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:893)
        at MQUtility.main(MQUtility.java:405)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'server.ip.address.number(1919)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host terminated the handshake],3=MQServer_Name/server.ip.address.number:1919 (MQServer_Name),4=SSLSocket.startHandshake,5=default]],3=server.ip.address.number(1919),4=,5=RemoteTCPConnection.protocolConnect]
        at com.ibm.mq.jmqi.remote.api.RemoteFAP$Connector.jmqiConnect(RemoteFAP.java:13635)
        at com.ibm.mq.jmqi.remote.api.RemoteFAP$Connector.access$100(RemoteFAP.java:13175)
        at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1449)
        at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1390)
        at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:377)
        at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:562)
        at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:916)
        at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:236)
        ... 10 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host terminated the handshake],3=MQServer_Name/server.ip.address.number:1919 (MQServer_Name),4=SSLSocket.startHandshake,5=default]
        at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1493)
        at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:1011)
        at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getNewConnection(RemoteConnectionSpecification.java:688)
        at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:282)
        at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:181)
        at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:127)
        at com.ibm.mq.jmqi.remote.api.RemoteFAP$Connector.jmqiConnect(RemoteFAP.java:13375)
        ... 17 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at sun.security.ssl.SSLSocketImpl.handleEOF(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1460)
        at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1452)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1452)
        ... 23 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.SSLSocketInputRecord.read(Unknown Source)
        at sun.security.ssl.SSLSocketInputRecord.readHeader(Unknown Source)
        at sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
        at sun.security.ssl.SSLTransport.decode(Unknown Source)
        ... 31 more

以下是从该路径提取的错误日志

C:\ProgramData\IBM\MQ\qmgrs\<mq-manager-name>\errors
:

----- amqrmrsa.c : 938 --------------------------------------------------------
9/22/2023 16:56:09 - Process(1532.229) User(SYSTEM) Program(amqrmppa.exe)
                      Host(MQSERVER_NAME) Installation(Installation1)
                      VRMF(9.0.3.0) QMgr(MQManager_Name)
                      Time(2023-09-22T21:56:09.933Z)
                     
AMQ9620: Internal error on call to SSL function on channel '????' to host
'client_host_name (server.ip.number)'.

EXPLANATION:
An error indicating a software problem was returned from a function which is
used to provide SSL or TLS support. The error code returned was '14'. The
function call was 'gsk_secure_soc_init'. 

The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start. 

The remote host name is 'client_host_name (server.ip.number)'.
ACTION:
Collect the items listed in the 'Problem determination' section of the System
Administration manual and use either the MQ Support site:
http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant
(ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is
already available.  If you are unable to find a match, contact your IBM support
center. 
----- amqccisa.c : 7846 -------------------------------------------------------
9/22/2023 16:56:09 - Process(1532.229) User(SYSTEM) Program(amqrmppa.exe)
                      Host(MQSERVER_NAME) Installation(Installation1)
                      VRMF(9.0.3.0) QMgr(MQManager_Name)
                      Time(2023-09-22T21:56:09.933Z)
                     
AMQ9999: Channel '????' to host 'client_host_name (server.ip.number)' ended abnormally.

EXPLANATION:
The channel program running under process ID 1532(1188) for channel '????'
ended abnormally. The host name is 'client_host_name (server.ip.number)'; in some cases
the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide. 
----- amqrmrsa.c : 938 --------------------------------------------------------

请帮我解决此错误。如果证书已过期,那么我如何验证这一点?我有一个客户端使用的密钥文件,由 Java 程序加载。我不熟悉服务器上的 MQ Server 设置,但我可以访问,如果你告诉我要检查什么,我可以尝试一下。

java ssl window ibm-mq
1个回答
0
投票

可能https://www.ibm.com/support/pages/apar/IT15806的潜在情况,因为上面日志中报告的版本是 MQ 9.0.3 CD。应该注意的是,9.0.3 已经很长时间不再支持,强烈建议您升级到当前的 CD 版本,或者如果 CD 发布周期对您来说太快,则迁移到当前的 LTS 版本组织跟上。

要检查证书是否过期非常简单,请将 java 客户端应用程序中使用的 JKS 文件加载到 ikeyman 中,或使用 runmqckm / keytool 访问密钥库。从那里打印出证书详细信息并验证到期日期。

请注意,要执行上述操作,您需要 JKS 文件的密码,否则您将无法访问它。我目前没有安装 IBM MQ 客户端,因此我正在努力获取您需要使用的确切命令,但我将很快编辑这篇文章并提供更多详细信息。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.