Trouble connecting using SSL
48 views
Skip to first unread message
drbell48
Jun 10, 2009, 2:27:24 PM6/10/09
to QFlex
I'm using version 3.3.3 on Windows Server 2003 R2. I am having
trouble getting the SSL connection to work. I can connect without
SSL, but I cannot seem to get a connection using SSL. I've tried
creating my key stores using IBM Key Manager and Portecle. I've tried
using the same store for both my Keystore and my Truststore. I've
ensured I've imported my certificates on both sides (QFLEX and Queue
Manager I'm trying to connect to). No matter what I try, I keep
getting this error
Error Message(s)
Failed to load file QFLEX-KEYSTORE.jks
Failed to load file QFLEX-TRUSTSTORE.jks
Failed to connect to qmanager <InsertQueueManagerName> because
MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009
I assume the MQ error message is because the system isn't successfully
loading the keystore. I've checked my NTFS permissions and that
should not be an issue. Any thoughts would be helpful
trouble getting the SSL connection to work. I can connect without
SSL, but I cannot seem to get a connection using SSL. I've tried
creating my key stores using IBM Key Manager and Portecle. I've tried
using the same store for both my Keystore and my Truststore. I've
ensured I've imported my certificates on both sides (QFLEX and Queue
Manager I'm trying to connect to). No matter what I try, I keep
getting this error
Error Message(s)
Failed to load file QFLEX-KEYSTORE.jks
Failed to load file QFLEX-TRUSTSTORE.jks
Failed to connect to qmanager <InsertQueueManagerName> because
MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009
I assume the MQ error message is because the system isn't successfully
loading the keystore. I've checked my NTFS permissions and that
should not be an issue. Any thoughts would be helpful
drbell48
Jun 22, 2009, 2:58:05 PM6/22/09
to QFlex
With some assistance I was able to make this work. If you navigate to
qflex-3.3.3\bin\tomcat\webapps\QFLEX\WEB-INF\classes, you will find
file qflex.properties
I found that file and it pointed to C:/home/QFLEX/keystore. I tried
changing where it pointed but that didn't help. Next I tried creating
that directory and moving my keystore (QFLEX-keystore) and truststore
(QFLEX-truststore) into that location. I found that worked, but in an
odd way. Instead of directly using the keystores that I pointed to in
the Web interface, it made a copy of those keystores and renamed them
to <QueueManagerName>_keystore and <QueueManagerName>_truststore. I
then tried removing that connection and deleting the keystores from
that location and tried setting up the connection by pointing to my
original location in the web interface (D:\Certs). This worked in the
same way. It copied the QFLEX-keystore and QFLEX-truststore from D:
\Certs and made new stores in C:\home\QFLEX\keystore named
<QueueManagerName>_keystore and <QueueManagerName>_truststore.
This works, but struck me as a little odd as it appears to create a
separate keystore and truststore for each queue manager that I am
monitoring. I just wanted to take the time to report back on what I
found and how I made it work.
qflex-3.3.3\bin\tomcat\webapps\QFLEX\WEB-INF\classes, you will find
file qflex.properties
I found that file and it pointed to C:/home/QFLEX/keystore. I tried
changing where it pointed but that didn't help. Next I tried creating
that directory and moving my keystore (QFLEX-keystore) and truststore
(QFLEX-truststore) into that location. I found that worked, but in an
odd way. Instead of directly using the keystores that I pointed to in
the Web interface, it made a copy of those keystores and renamed them
to <QueueManagerName>_keystore and <QueueManagerName>_truststore. I
then tried removing that connection and deleting the keystores from
that location and tried setting up the connection by pointing to my
original location in the web interface (D:\Certs). This worked in the
same way. It copied the QFLEX-keystore and QFLEX-truststore from D:
\Certs and made new stores in C:\home\QFLEX\keystore named
<QueueManagerName>_keystore and <QueueManagerName>_truststore.
This works, but struck me as a little odd as it appears to create a
separate keystore and truststore for each queue manager that I am
monitoring. I just wanted to take the time to report back on what I
found and how I made it work.
Reply all
Reply to author
Forward
0 new messages