TLS/SSL troubleshooting information
Use the information listed here to help you solve problems with your TLS/SSL system.
Overview
You receive at least one of the following error messages, for every problem documented within this topic.
- JMSWMQ0018
Failed to connect to queue manager 'queue-manager-name' with connection mode 'connection-mode' and host name 'host-name'
- JMSCMQ001
WebSphere MQ call failed with completion code 2 ('MQCC_FAILED') reason 2397 ('MQRC_JSSE_ERROR')
The cause of the exception is listed as the first item within each section.
You should always list out the stacks and the cause of the first exception.
Although the information for each error consists of the:
- Output from the sample SystemOut.log or Console.
- Queue manager error log information.
- Solution to the problem.
stdout
Attention: The sample code includes stacks and line numbers. This information is useful guidance, but the stacks and line numbers are likely to change from one fix pack to another. You should use the stacks and line numbers as a guide to locating the correct section, and not use the information specifically for diagnostic purposes.
Missing client personal certificate
- Output
- Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=SYSTEM.DEF.SVRCONN] at com.ibm.mq.jmqi.remote.impl.RemoteConnection.analyseErrorSegment(RemoteConnection.java:4176) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.receiveTSH(RemoteConnection.java:2969) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.initSess(RemoteConnection.java:1180) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:838) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection (RemoteConnectionSpecification.java:409) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession (RemoteConnectionSpecification.java:305) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1868)
- Queue manager error logs
- AMQ9637: Channel is lacking a certificate.
- Solution
- Add a personal certificate to the keystore of the client that has been signed by a certificate in the key database of the queue manager.
Missing server personal certificate
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake], 3=localhost/127.0.0.1:1414(localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1020) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
Caused by:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.ibm.jsse2.tc.a(tc.java:438) at com.ibm.jsse2.tc.g(tc.java:416) at com.ibm.jsse2.tc.a(tc.java:60) at com.ibm.jsse2.tc.startHandshake(tc.java:381) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection$6.run (RemoteTCPConnection.java:1005) at java.security.AccessController.doPrivileged(AccessController.java:202) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1000) ... 11 more
java.io.EOFException: SSL peer shut down incorrectly at com.ibm.jsse2.a.a(a.java:120) at com.ibm.jsse2.tc.a(tc.java:540) ... 17 more
- Queue manager error logs
- AMQ9637: Channel is lacking a certificate.
- Solution
- Add a personal certificate to the database of the queue manager, that has been signed by a certificate in the truststore of the client, and which has a label of the form ibmwebspheremqqm<qmgr_name>.
Missing server signer on client
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[com.ibm.jsse2.util.j: PKIX path validation failed: java.security.cert.CertPathValidatorException: The certificate issued by CN=JohnDoe, O=COMPANY, L=YOURSITE, C=XX is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Signature does not match.],3=localhost/127.0.0.1:1418 (localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1020) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path validation failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=JohnDoe, O=COMPANY, L=YOURSITE, C=XX is not trusted; java.security.cert.CertPathValidatorException: Signature does not match. ...
- Queue manager error logs
- AMQ9665: SSL connection closed by remote end of channel '????'.
- Solution
- Add the certificate used to sign the personal certificate of the queue manager to the truststore of the client.
Missing client signer on server
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[Software caused connection abort: socket write error], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]], 3=localhost(1414),5=RemoteTCPConnection.protocolConnect] at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2010) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1227) at com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:355) ... 6 more
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[Software caused connection abort: socket write error], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1020) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
java.net.SocketException: Software caused connection abort: socket write error
- Queue manager error logs
- AMQ9633: Bad SSL certificate for channel '????'.
- Solution
- Add the certificate used to sign the personal certificate of the queue manager to the truststore of the client.
Cipherspec Mismatch
- Output
- Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN' to host ''. [3=SYSTEM.DEF.SVRCONN] at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment (RemoteConnection.java:4322) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH (RemoteConnection.java:2902) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess (RemoteConnection.java:1440) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1115) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)
- Queue manager error logs
- AMQ9631: The CipherSpec negotiated during the SSL handshake does not match the required CipherSpec for channel 'SYSTEM.DEF.SVRCONN'.
- Solution
- Ensure that the cipher suite on the client matches the cipher spec on the server connection channel of the queue manager.
No cipher enabled on client
- Output
- Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN] at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment (RemoteConnection.java:4322) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH (RemoteConnection.java:2902) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess (RemoteConnection.java:1440) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1115) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)
- Queue manager error logs
- AMQ9639: Remote channel 'SYSTEM.DEF.SVRCONN' did not specify a CipherSpec.
- Solution
- Ensure that there is a cipher suite set on the client matching the cipher spec on the server connection channel of the queue manager.
No cipher enabled on queue manager's server connection channel
- Output
- Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'. [3=SYSTEM.DEF.SVRCONN] at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment (RemoteConnection.java:4322) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH (RemoteConnection.java:2902) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess (RemoteConnection.java:1440) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1115) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)
- Queue manager error logs
- AMQ9635: Channel 'SYSTEM.DEF.SVRCONN' did not specify a valid CipherSpec.
- Solution
- Ensure that there is a cipher spec on the server connection channel of the queue manager that matches the cipher set on the client.
Using a non-FIPS cipher with FIPS enabled on client (not on server)
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1748) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect (RemoteFAP.java:1599) ... 8 more
java.lang.IllegalArgumentException: Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode at com.ibm.jsse2.q.a(q.java:84) at com.ibm.jsse2.r.(r.java:75) at com.ibm.jsse2.tc.setEnabledCipherSuites(tc.java:184) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1741)
- Queue manager error logs
- Not applicable.
- Solution
- Either disable FIPS on the client, or ensure both that FIPS is enabled on the server and that a FIPS-enabled cipher is being used.
Using a non-FIPS cipher with FIPS enabled on the server (not on client)
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure], 3=localhost/127.0.0.1:1418 (localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1020) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.n.a(n.java:8)
- Queue manager error logs
- AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
- Solution
- Either disable FIPS on the server, or ensure both that FIPS is enabled on the client and that a FIPS-enabled cipher is being used.
Using FIPS cipher; FIPS not enabled on client
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Received fatal alert: handshake_failure], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1020) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.n.a(n.java:8)
- Queue manager error logs
- AMQ9616: The CipherSpec proposed is not enabled on the SSL server.
- Solution
- Ensure the value of SSLPEER set on the server-connection channel matches the distinguished name of the certificate.
Using non-FIPS cipher with FIPS enabled at both ends
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode], 3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1748) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
java.lang.IllegalArgumentException: Unsupported ciphersuite SSL_RSA_WITH_NULL_MD5 or ciphersuite is not supported in FIPS mode at com.ibm.jsse2.q.a(q.java:84)
- Queue manager error logs
- Not applicable.
- Solution
- Either disable FIPS at both ends, or ensure that a FIPS-enabled cipher is being used.
Value of SSLPEER on client does not match personal certificate
- Output
- Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2398;AMQ9636: SSL distinguished name does not match peer name, channel '?'. [4=CN=JohnDoe, O=COMPANY, L=YOURSITE, C=XX] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:1071) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)
- Queue manager error logs
- Not applicable.
- Solution
- Ensure that the value of SSLPEER matches the distinguished name of the personal certificate.
Value of SSLPEER on server does not match personal certificate
- Output
- Caused by:
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9643: Remote SSL peer name error for channel 'SYSTEM.DEF.SVRCONN'.[3=SYSTEM.DEF.SVRCONN] at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.analyseErrorSegment (RemoteConnection.java:4330) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.receiveTSH (RemoteConnection.java:2902) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.initSess (RemoteConnection.java:1440) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1115) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599)
- Queue manager error logs
- AMQ9636: SSL distinguished name does not match peer name, channel 'SYSTEM.DEF.SVRCONN'.
- Solution
- Ensure that the value of SSLPEER matches the distinguished name of the personal certificate.
Listener not running on server
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9213: A communications error for occurred. [1=java.net.ConnectException[Connection refused: connect],3=localhost] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:663) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method)
- Queue manager error logs
- Not applicable.
- Solution
- Start the listener on the queue manager.
Can not find client keystore
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]], 3=localhost(1414),5=RemoteTCPConnection.makeSocketSecure] at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2010) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1227) at com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:355) ... 6 more
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1706) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
Caused by:java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7) at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1699) ... 13 more
Caused by:java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at java.security.Provider$Service.newInstance(Provider.java:894) at sun.security.jca.GetInstance.getInstance(GetInstance.java:299) at sun.security.jca.GetInstance.getInstance(GetInstance.java:237) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25) at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15) at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory (RemoteTCPConnection.java:2158) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1689) ... 13 more
java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: C:\keystore\wrongfile.jks
- Queue manager error logs
- Not applicable.
- Solution
- Specify the correct name and location for the client keystore.
Client keystore password incorrect
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1706) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
Caused by:java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7) at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1699) ... 13 more
Caused by:java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at java.security.Provider$Service.newInstance(Provider.java:894) at sun.security.jca.GetInstance.getInstance(GetInstance.java:299) at sun.security.jca.GetInstance.getInstance(GetInstance.java:237) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25) at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15) at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory (RemoteTCPConnection.java:2158) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1689) ... 13 more
java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect
- Queue manager error logs
- Not applicable.
- Solution
- Specify the correct password for the client keystore.
Can not find client truststore
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1706) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
Caused by:java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7) at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1699) ... 13 more
Caused by:java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at java.security.Provider$Service.newInstance(Provider.java:894) at sun.security.jca.GetInstance.getInstance(GetInstance.java:299) at sun.security.jca.GetInstance.getInstance(GetInstance.java:237) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25) at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15) at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory (RemoteTCPConnection.java:2158) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1689) ... 13 more
java.lang.Exception: Truststore file does not exist: C:\keystore\wrongfile.jks
- Queue manager error logs
- Not applicable.
- Solution
- Specify the correct name and location for the client truststore.
Client truststore password incorrect
- Output
- Caused by:
Caused by:com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=java.net.SocketException[java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default] at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1706) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress (RemoteTCPConnection.java:674) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect (RemoteTCPConnection.java:991) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect (RemoteConnection.java:1112) at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection (RemoteConnectionPool.java:350) at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1599) ... 8 more
Caused by:java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7) at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1699) ... 13 more
Caused by:java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: at java.security.Provider$Service.newInstance(Provider.java:894) at sun.security.jca.GetInstance.getInstance(GetInstance.java:299) at sun.security.jca.GetInstance.getInstance(GetInstance.java:237) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:25) at javax.net.ssl.SSLContext.getDefault(SSLContext.java:15) at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:17) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory (RemoteTCPConnection.java:2158) at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1689) ... 13 more
Caused by:java.io.IOException: Keystore was tampered with, or password was incorrect at com.ibm.crypto.provider.JavaKeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:414) at com.ibm.jsse2.uc.a(uc.java:54) at com.ibm.jsse2.lc.f(lc.java:12) at com.ibm.jsse2.lc.(lc.java:16) at java.lang.J9VMInternals.newInstanceImpl(Native Method) at java.lang.Class.newInstance(Class.java:1345) at java.security.Provider$Service.newInstance(Provider.java:880) ... 20 more
java.security.UnrecoverableKeyException: Password verification failed
- Queue manager error logs
- Not applicable.
- Solution
- Specify the correct password for the client truststore.
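Several sections above share identical client output (for example AMQ9641) and can only be told apart by the queue manager error log. The following triage helper is an added example, not IBM code: the `triage` function and `RULES` table are hypothetical names, and the match strings are copied from the sample output on this page, so they may need adjusting for other fix packs or platforms.

```python
"""Map client exception text plus queue manager log text to sections of this page."""

# Each rule: (section title as it appears on this page,
#             substrings that must ALL appear in the client output,
#             AMQ code the page lists for the queue manager error log,
#             or None where the page says "Not applicable").
RULES = [
    ("Missing client personal certificate", ["AMQ9503"], "AMQ9637"),
    ("Missing server personal certificate",
     ["Remote host closed connection during handshake"], "AMQ9637"),
    ("Missing server signer on client", ["PKIX path validation failed"], "AMQ9665"),
    ("Missing client signer on server", ["Software caused connection abort"], "AMQ9633"),
    ("Cipherspec Mismatch", ["AMQ9641"], "AMQ9631"),
    ("No cipher enabled on client", ["AMQ9641"], "AMQ9639"),
    ("No cipher enabled on queue manager's server connection channel",
     ["AMQ9641"], "AMQ9635"),
    ("Using a non-FIPS cipher with FIPS enabled on client (not on server)",
     ["not supported in FIPS mode"], None),
    ("Using a non-FIPS cipher with FIPS enabled on the server (not on client)",
     ["Received fatal alert: handshake_failure"], "AMQ9616"),
    ("Using FIPS cipher; FIPS not enabled on client",
     ["Received fatal alert: handshake_failure"], "AMQ9616"),
    ("Using non-FIPS cipher with FIPS enabled at both ends",
     ["not supported in FIPS mode"], None),
    ("Value of SSLPEER on client does not match personal certificate",
     ["AMQ9636"], None),
    ("Value of SSLPEER on server does not match personal certificate",
     ["AMQ9643"], "AMQ9636"),
    ("Listener not running on server", ["Connection refused"], None),
    ("Can not find client keystore", ["Keystore file does not exist"], None),
    # Both password sections contain "password was incorrect"; in the page's
    # samples only the keystore case is raised through IBMKeyManager.
    ("Client keystore password incorrect",
     ["IBMKeyManager", "password was incorrect"], None),
    ("Can not find client truststore", ["Truststore file does not exist"], None),
    ("Client truststore password incorrect", ["Password verification failed"], None),
]


def triage(client_output, qmgr_log=""):
    """Return every section title consistent with the evidence supplied.

    client_output: text of the exception chain from SystemOut.log or the console.
    qmgr_log:      text from the queue manager error log, or "" if not yet collected.
    A rule that names a queue manager code is kept as a candidate while
    qmgr_log is empty, and is dropped once qmgr_log is supplied without that code.
    """
    candidates = []
    for title, needles, qm_code in RULES:
        if not all(needle in client_output for needle in needles):
            continue
        if qm_code and qmgr_log and qm_code not in qmgr_log:
            continue
        candidates.append(title)
    return candidates


# Inputs below are trimmed from the sample output shown on this page.
CIPHER_CLIENT = ("com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9641: Remote "
                 "CipherSpec error for channel 'SYSTEM.DEF.SVRCONN'.")
QMGR_NO_CLIENT_CIPHER = ("AMQ9639: Remote channel 'SYSTEM.DEF.SVRCONN' did not "
                         "specify a CipherSpec.")
KEYSTORE_PW = ("java.security.KeyStoreException: IBMKeyManager: Problem accessing "
               "key store java.io.IOException: Keystore was tampered with, or "
               "password was incorrect")
TRUSTSTORE_PW = ("Caused by:java.io.IOException: Keystore was tampered with, or "
                 "password was incorrect\njava.security.UnrecoverableKeyException: "
                 "Password verification failed")
HANDSHAKE_FAILURE = ("javax.net.ssl.SSLHandshakeException: Received fatal alert: "
                     "handshake_failure")

if __name__ == "__main__":
    for label, client, qmgr in [
        ("AMQ9641, no queue manager log yet", CIPHER_CLIENT, ""),
        ("AMQ9641 with AMQ9639 in queue manager log", CIPHER_CLIENT, QMGR_NO_CLIENT_CIPHER),
        ("keystore password", KEYSTORE_PW, ""),
        ("truststore password", TRUSTSTORE_PW, ""),
        ("handshake_failure with AMQ9616", HANDSHAKE_FAILURE, "AMQ9616"),
    ]:
        print(label, "->", triage(client, qmgr))
```

When more than one title is returned, the evidence supplied cannot separate those sections; collect the queue manager error log, or compare the FIPS settings at both ends, before applying a solution.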