How to configure JBOSS connectivity with Websphere SSL enabled MQ?
Problem description
We are using JBOSS EAP 6.3 maintained via OpenShift. We want to connect with Websphere MQ, which is SSL enabled.
I am successfully able to connect to non-SSL MQ via JBOSS. But while trying to connect with SSL MQ, I am facing the error below:
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at sun.security.ssl.Handshaker.activate(Handshaker.java:470) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1438) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1308) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) [jsse.jar:1.7.0_79]
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1314)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1309)
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1307)
    ... 26 more
I have made the required entries in standalone.xml and jboss-ejb3.xml:
standalone.xml
<system-properties>
<property name="javax.net.ssl.keyStore" value="${env.OPENSHIFT_REPO_DIR}/.openshift/config/mq.jks"/>
<property name="javax.net.ssl.keyStorePassword" value="password"/>
<property name="javax.net.ssl.trustStore" value="${env.OPENSHIFT_REPO_DIR}/.openshift/config/mq.jks"/>
<property name="javax.net.ssl.trustStorePassword" value="password"/>
<property name="sslCipherSuite" value="SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
<property name="org.apache.coyote.http11.Http11Protocol.COMPRESSION" value="on"/>
</system-properties>
<resource-adapter id='wmq.jmsra.rar'>
<archive>
wmq.jmsra.rar
</archive>
<transaction-support>NoTransaction</transaction-support>
<connection-definitions>
<connection-definition jndi-name='java:jboss/${env.OPENSHIFT_MQ_CLIENT_CONNECTIONFACTORY_NAME}' class-name='com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl' pool-name='wmq.jmsra.rar_CD'>
<config-property name='port'>
${env.OPENSHIFT_MQ_CLIENT_PORT}
</config-property>
<config-property name='hostName'>
${env.OPENSHIFT_MQ_CLIENT_HOST_NAME}
</config-property>
<config-property name='channel'>
${env.OPENSHIFT_MQ_CLIENT_CHANNEL}
</config-property>
<config-property name='transportType'>
${env.OPENSHIFT_MQ_CLIENT_TRANSPORT_TYPE}
</config-property>
<config-property name='queueManager'>
${env.OPENSHIFT_MQ_CLIENT_QUEUE_MANAGER}
</config-property>
<config-property name='sslCipherSuite'>
SSL_RSA_WITH_3DES_EDE_CBC_SHA
</config-property>
</connection-definition>
</connection-definitions>
<admin-objects>
<admin-object jndi-name='java:jboss/${env.OPENSHIFT_MQ_CLIENT_QUEUE_NAME1}' class-name='com.ibm.mq.connector.outbound.MQQueueProxy' pool-name='BNE_DEV_IN'>
<config-property name='baseQueueName'>
${env.OPENSHIFT_MQ_CLIENT_QUEUE_NAME1}
</config-property>
</admin-object>
</admin-objects>
</resource-adapter>
jboss-ejb3.xml
<activation-config>
<activation-config-property>
<activation-config-property-name>destination</activation-config-property-name>
<activation-config-property-value>QueueName</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>hostName</activation-config-property-name>
<activation-config-property-value>hostName</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>queueManager</activation-config-property-name>
<activation-config-property-value>qmanagerName</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>channel</activation-config-property-name>
<activation-config-property-value>channelName</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>transportType</activation-config-property-name>
<activation-config-property-value>CLIENT</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>destinationType</activation-config-property-name>
<activation-config-property-value>javax.jms.Queue</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>useJNDI</activation-config-property-name>
<activation-config-property-value>false</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>port</activation-config-property-name>
<activation-config-property-value>portNumber</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>sslCipherSuite</activation-config-property-name>
<activation-config-property-value>SSL_RSA_WITH_3DES_EDE_CBC_SHA</activation-config-property-value>
</activation-config-property>
</activation-config>
Can anyone please help me find what is missing?
Recommended answer
Although this is not intended as a complete answer, I hope that it will assist.
Until recently, MQ did not support advanced ciphers except when the IBM JRE was used. Non-IBM JRE did not allow selection of AES and other TLS based ciphers. This was resolved in IBM v8 and in some earlier versions with the release of a PTF. See http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840
It is important to note that in order to use this capability, the Java System Property com.ibm.mq.cfg.useIBMCipherMappings must be set to false.
Since you are using JBOSS, I expect that you are not using an IBM JRE, and you will therefore need to set this Java System Property.
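A diagnostic for the error quoted in the question ("protocol is disabled or cipher suites are inappropriate"), added here as an example and not part of the original question or answer. The class name `MqCipherCheck` and its status labels are made up for illustration; it uses only standard JSSE calls and does not contact the queue manager.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added diagnostic (hypothetical helper, not from the post): reports whether the JRE
// can offer the cipher suite named in the MQ resource adapter configuration.
public class MqCipherCheck {

    // Classifies a suite name against what this JRE enables by default and what it supports.
    static String status(String suite, List<String> enabled, List<String> supported) {
        if (enabled.contains(suite)) return "ENABLED";
        if (supported.contains(suite)) return "SUPPORTED_BUT_DISABLED";
        return "UNKNOWN_TO_JRE";
    }

    public static void main(String[] args) throws Exception {
        // Default is the suite from the question; pass another name as the first argument.
        String suite = args.length > 0 ? args[0] : "SSL_RSA_WITH_3DES_EDE_CBC_SHA";

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters def = ctx.getDefaultSSLParameters();
        SSLParameters sup = ctx.getSupportedSSLParameters();

        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        // The property the answer says must be false on a non-IBM JRE.
        System.out.println("com.ibm.mq.cfg.useIBMCipherMappings = "
                + System.getProperty("com.ibm.mq.cfg.useIBMCipherMappings", "(not set)"));

        // Protocol versions the JRE will offer by default versus those it could offer.
        System.out.println("enabled protocols   = " + Arrays.toString(def.getProtocols()));
        System.out.println("supported protocols = " + Arrays.toString(sup.getProtocols()));

        System.out.println(suite + " -> " + status(suite,
                Arrays.asList(def.getCipherSuites()),
                Arrays.asList(sup.getCipherSuites())));
    }
}
```

Run it with the same `java` binary and the same `-D` options that JBoss is started with, so the output reflects the JRE and system properties the resource adapter actually sees.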