I installed the MQ Light server on Windows 7 and followed the steps at https://developer.ibm.com/messaging/docs/mq-light-api/tutorials/security-tutorial/ to enable SSL using a self-signed certificate generated by OpenSSL 1.1.0g.
At that point, once I started the MQ Light server, my browser timed out trying to do the TLS handshake to the server, and any attempt to connect to the server using the Java MQ libraries aborted immediately because the server closed the connection.
I couldn't figure out where the MQ server logs are to check them. Disabling SSL results in the connection working again.
I'm using Oracle Java 8u161 (64-bit).
Any idea what's going on here and how to get SSL working?
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(5671)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:5671 (localhost),4=SSLSocket.startHandshake,5=default]],3=localhost(5671),5=RemoteTCPConnection.protocolConnect]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294)
at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376)
at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560)
at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:916)
at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:235)
... 16 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:5671 (localhost),4=SSLSocket.startHandshake,5=default]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1329)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730)
... 21 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1002)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1298)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1290)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1290)
... 26 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
... 33 more
Related
After following all the steps for setting up a JMS client (How to configure JMS in JBoss EAP 7?),
I have the following lines of errors:
javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is java.io.IOException: JBREM000202: Abrupt close on Remoting connection 3c6a9a86 to /127.0.0.1:8080 of endpoint (anonymous) <13805618>]
Caused by: java.io.IOException: JBREM000202: Abrupt close on Remoting connection 3c6a9a86 to /127.0.0.1:8080 of endpoint (anonymous) <13805618>
I am trying to configure a 3-node secured NiFi cluster setup by following the link below.
But the connection between the nodes does not happen after enabling SSL/LDAP, and I am getting the error below.
2017-04-01 09:05:47,494 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message due to: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2017-04-01 09:05:47,494 ERROR [Process Cluster Protocol Request-7] o.a.nifi.security.util.CertificateUtils The incoming request did not contain client certificates and thus the DN cannot be extracted. Check that the other endpoint is providing a complete client certificate chain
2017-04-01 09:05:47,494 WARN [Process Cluster Protocol Request-7] o.a.n.c.p.impl.SocketProtocolListener Failed processing protocol message from HKLPATHAS02.hk.example.com due to org.apache.nifi.cluster.protocol.ProtocolException: java.security.cert.CertificateException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
org.apache.nifi.cluster.protocol.ProtocolException: java.security.cert.CertificateException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.getRequestorDN(SocketProtocolListener.java:221) ~[nifi-framework-cluster-protocol-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
at org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.dispatchRequest(SocketProtocolListener.java:133) ~[nifi-framework-cluster-protocol-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
at org.apache.nifi.io.socket.SocketListener$2$1.run(SocketListener.java:136) [nifi-socket-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_102]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_102]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102]
Caused by: java.security.cert.CertificateException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at org.apache.nifi.security.util.CertificateUtils.extractPeerDNFromClientSSLSocket(CertificateUtils.java:306) ~[nifi-security-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
at org.apache.nifi.security.util.CertificateUtils.extractPeerDNFromSSLSocket(CertificateUtils.java:261) ~[nifi-security-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
at org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.getRequestorDN(SocketProtocolListener.java:219) ~[nifi-framework-cluster-protocol-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
... 5 common frames omitted
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) ~[na:1.8.0_102]
at org.apache.nifi.security.util.CertificateUtils.extractPeerDNFromClientSSLSocket(CertificateUtils.java:291) ~[nifi-security-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2]
... 7 common frames omitted
Please guide me to resolve this thread.
The error is saying that one node in the cluster is attempting to make a heartbeat connection to the other node, but it is not providing a valid client certificate in order to authenticate itself during the TLS handshake negotiation. There are a few possible reasons for this error:
The node is not sending the client certificate. Ensure that nifi.security.needClientAuth=true and nifi.cluster.protocol.is.secure=true are present in your nifi.properties file.
The truststore on the receiving node does not contain the public key certificate of the connecting node. When you followed the instructions from that link, how did you generate the respective certificates? Using the Apache NiFi TLS Toolkit as described by Pierre should ensure that all node certificates are signed by the same CA and that the CA is imported into the common truststore. If you manually generated your certificates, ensure that they are trusted on each node (you can do this with OpenSSL's s_client tool).
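The trust relationship described in the answer above, as an added example (not part of the original answer and not NiFi's own tooling): it builds two throwaway CAs with OpenSSL and shows that a node certificate validates only against a truststore that holds its issuing CA. The CA names, node names, file names and helper functions are constructed for illustration, and it uses `openssl verify` on PEM files as a stand-in for the Java truststore check rather than `s_client` against a live node.

```shell
#!/usr/bin/env bash
# Added example: throwaway CAs and node certificates constructed for illustration only.
set -u

# make_ca NAME DIR: create a self-signed CA certificate NAME.pem with an EC P-256 key.
make_ca() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$2/$1.key" -out "$2/$1.pem" -subj "/CN=$1" -days 1 2>/dev/null
}

# issue_node_cert NODE CA DIR: create a key and CSR for NODE, then sign it with CA.
issue_node_cert() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$3/$1.key" -out "$3/$1.csr" -subj "/CN=$1" 2>/dev/null &&
  openssl x509 -req -in "$3/$1.csr" -CA "$3/$2.pem" -CAkey "$3/$2.key" \
    -CAcreateserial -out "$3/$1.pem" -days 1 2>/dev/null
}

# trusted_by TRUSTSTORE_PEM CERT_PEM: succeed only if CERT chains to a CA in the truststore.
# Analogous to the chain check a receiving node applies to a peer's client certificate.
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report TRUSTSTORE_PEM CERT_PEM: print one line with the verdict.
report() {
  if trusted_by "$1" "$2"; then
    echo "TRUSTED    $(basename "$2") against $(basename "$1")"
  else
    echo "UNTRUSTED  $(basename "$2") against $(basename "$1")"
  fi
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_ca shared-ca "$d" && make_ca other-ca "$d" || return 1
  issue_node_cert node1 shared-ca "$d" || return 1   # signed by the cluster CA
  issue_node_cert node2 other-ca "$d" || return 1    # generated separately, different CA
  report "$d/shared-ca.pem" "$d/node1.pem"           # chain builds
  report "$d/shared-ca.pem" "$d/node2.pem"           # no path to a trusted CA
  # Fix: put every issuing CA into the truststore that all nodes share.
  cat "$d/shared-ca.pem" "$d/other-ca.pem" > "$d/common-truststore.pem"
  report "$d/common-truststore.pem" "$d/node2.pem"
  rm -rf "$d"
}

demo
```

For real nodes, export each node's certificate and the truststore's CA certificates to PEM first and pass those files to `trusted_by`.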
Error detail as following: (stacktrace)
Caused by: com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2009'.
at com.ibm.mq.MQDestination.open(MQDestination.java:310)
at com.ibm.mq.MQQueue.<init>(MQQueue.java:261)
at com.ibm.mq.MQQueueManager.accessQueue(MQQueueManager.java:2751)
at com.ibm.mq.MQQueueManager.accessQueue(MQQueueManager.java:2779)
at com.citi.sh.h2h.service.adapter.H2hMqSendReceiveAdapter.connect(H2hMqSendReceiveAdapter.java:79)
... 17 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2009
at com.ibm.mq.jmqi.remote.internal.RemoteHconn.getConnection(RemoteHconn.java:884)
at com.ibm.mq.jmqi.remote.internal.RemoteHconn.getCmdLevel(RemoteHconn.java:2698)
at com.ibm.mq.MQDestination.open(MQDestination.java:302)
... 21 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2009;AMQ9213: A communications error for 'TCP' occurred. [1=java.net.SocketException[Unrecognized Windows Sockets error: 0: recv failed],4=TCP,5=sockInStream.read]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.receive(RemoteTCPConnection.java:1515)
at com.ibm.mq.jmqi.remote.internal.RemoteRcvThread.receiveBuffer(RemoteRcvThread.java:804)
at com.ibm.mq.jmqi.remote.internal.RemoteRcvThread.receiveOneTSH(RemoteRcvThread.java:768)
at com.ibm.mq.jmqi.remote.internal.RemoteRcvThread.run(RemoteRcvThread.java:158)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.SocketException: Unrecognized Windows Sockets error: 0: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.receive(RemoteTCPConnection.java:1505)
... 4 more
On Windows 2003 Server, my application runs as a service that connects to MQ to process messages. Some processes executed successfully, but some failed. The above error occurred.
My Java application uses JDK 1.7 and the MQ version is 7.0.1.11.
Could you give me some solution to fix this issue? Thank you very much for your help!
IBM MQ v7.0 went out of support on September 30th 2015.
I would suggest that you move to a supported version of IBM MQ. I'm leaving 7.1 out of the list below since it will go out of support on April 30 2017. Note that 7.5 will go out of support on April 30 2018.
MQ 7.5 client
MQ 8.0 client
MQ 9.0 client
If you must continue to use an out-of-support version, I did find some references to the cause of your problem being that the Windows server supports both IPv4 and IPv6 stacks. The solution was to force the JRE to use IPv4 only by adding the following setting to your Java startup.
-Djava.net.preferIPv4Stack=true
I am setting up the IBM Connections 5.5 and am stuck while creating GCD. Please find the errors below. Any help in this would be helpful.
2016-11-19 03:59:24 *** Creating Domain and GCD ...
2016-11-19 03:59:27 com.filenet.api.exception.EngineRuntimeException: FNRCA0031E: API_UNABLE_TO_USE_CONNECTION: The URI for server communication cannot be determined from the connection object http://IMPERIUM04.ibmsw.ibm.aessatl.arrow.com:9082/wsi/FNCEWS40MTOM. Message was: Connection refused: connect
at com.filenet.apiimpl.wsi.ServiceSessionNst.cOpenMultipartOutputStream(ServiceSessionNst.java:287)
at com.filenet.apiimpl.wsi.ServiceSessionNst.cReqRespPath(ServiceSessionNst.java:170)
at com.filenet.apiimpl.wsi.ServiceSessionNst.executeChanges(ServiceSessionNst.java:85)
at com.filenet.apiimpl.util.SessionHandle.executeChanges(SessionHandle.java:112)
at com.filenet.apiimpl.core.Session.callExecuteChanges(Session.java:146)
at com.filenet.apiimpl.core.Session.executeChanges(Session.java:532)
at com.filenet.apiimpl.core.Session.executeChange(Session.java:850)
at com.filenet.apiimpl.core.IndependentlyPersistableObjectImpl.save(IndependentlyPersistableObjectImpl.java:76)
at com.filenet.apiimpl.core.IndependentlyPersistableObjectImpl.save(IndependentlyPersistableObjectImpl.java:67)
at com.ibm.connections.ccmDomainTool.ccmDomainTool.createP8Domain(Unknown Source)
at com.ibm.connections.ccmDomainTool.ccmDomainTool.main(Unknown Source)
java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:97)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:370)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:231)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:192)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:404)
at java.net.Socket.connect(Socket.java:643)
at sun.net.NetworkClient.doConnect(NetworkClient.java:188)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:462)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:557)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:226)
at sun.net.www.http.HttpClient.New(HttpClient.java:329)
at sun.net.www.http.HttpClient.New(HttpClient.java:347)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1010)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:946)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:864)
at com.filenet.apiimpl.wsi.ServiceSessionNst$1.run(ServiceSessionNst.java:391)
at java.security.AccessController.doPrivileged(AccessController.java:420)
at com.filenet.apiimpl.wsi.ServiceSessionNst.cDoPrivilegedHttpConnectAndGetOutputStream(ServiceSessionNst.java:400)
at com.filenet.apiimpl.wsi.ServiceSessionNst.cInitHttpConnection(ServiceSessionNst.java:361)
at com.filenet.apiimpl.wsi.ServiceSessionNst.cOpenMultipartOutputStream(ServiceSessionNst.java:279)
... 10 more
The relevant error here is java.net.ConnectException: Connection refused. From the given URL, the application is trying to connect to 'IMPERIUM04.ibmsw.ibm.aessatl.arrow.com:9082'.
Verify that the hostname and port name are correct. If the details are correct, ensure that the address is reachable. If you are in an enterprise environment, make sure that the firewall is configured to allow this connection.
I'd be very pleased to get help from you, so many thanks in advance.
Can't manage to connect to a WAS server using VisualVM.
WAS properties setup:
Servers->Server types->WebSphere application servers->server1->Process definition->Java Virtual Machine -> Properties JVM
-Djavax.management.builder.initial=
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.port=9999
WAS console output:
INFO [com.sun.tools.visualvm.jmx.impl.JmxModelImpl]:
connect(service:jmx:rmi:///jndi/rmi://:9999/jmxrmi)
java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
Caused: javax.net.ssl.SSLHandshakeException: Remote host closed
connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
Caused: java.rmi.ConnectIOException: error during JRMP connection
establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:286)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:97)
Caused: javax.naming.CommunicationException [Root exception is
java.rmi.ConnectIOException: error during JRMP connection
establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:101)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:185)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1886)
at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1856)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:257)
Caused: java.io.IOException: Failed to retrieve RMIServer stub
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:338)
at com.sun.tools.visualvm.jmx.impl.JmxModelImpl$ProxyClient.tryConnect(JmxModelImpl.java:496)
at com.sun.tools.visualvm.jmx.impl.JmxModelImpl$ProxyClient.connect(JmxModelImpl.java:440)
at com.sun.tools.visualvm.jmx.impl.JmxModelImpl.connect(JmxModelImpl.java:220)
at com.sun.tools.visualvm.jmx.impl.JmxModelImpl.(JmxModelImpl.java:209)
at com.sun.tools.visualvm.jmx.impl.JmxModelProvider.createModelFor(JmxModelProvider.java:61)
at com.sun.tools.visualvm.jmx.impl.JmxModelProvider.createModelFor(JmxModelProvider.java:42)
at com.sun.tools.visualvm.core.model.ModelFactory.getModel(ModelFactory.java:111)
at com.sun.tools.visualvm.tools.jmx.JmxModelFactory.getJmxModelFor(JmxModelFactory.java:69)
at com.sun.tools.visualvm.jmx.impl.JmxApplicationProvider.addJmxApplication(JmxApplicationProvider.java:267)
at com.sun.tools.visualvm.jmx.impl.JmxApplicationProvider.createJmxApplication(JmxApplicationProvider.java:185)
at com.sun.tools.visualvm.jmx.JmxApplicationsSupport.createJmxApplicationImpl(JmxApplicationsSupport.java:286)
at com.sun.tools.visualvm.jmx.JmxApplicationsSupport.createJmxApplicationInteractive(JmxApplicationsSupport.java:263)
[catch] at
com.sun.tools.visualvm.jmx.impl.AddJMXConnectionAction$1.run(AddJMXConnectionAction.java:80)
at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:1418)
at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:1957)
Thank you a lot again.
Regards.
Good morning.
Well, we've discovered the solution, kinda easy indeed.
The property -Djava.rmi.server.hostname=hostname was pointing to localhost instead of the IP.
I hope this info will be useful to someone else.
Thank you very much.
Regards.