How to reproduce the MQ SSL connection error "Channel negotiation failed" in a two way SSL. Attached the log trace.

How to reproduce the MQ SSL connection error "Channel negotiation failed" in a two way SSL. Attached the log trace.

book

Article ID: KB0085012

calendar_today

Updated On:

Products Versions
TIBCO ActiveMatrix BusinessWorks -
Not Applicable -

Description

Description:

Once MQ server asks for two way SSL and BW fails to send a client identity, the following error will be reported.


Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9204: Connection to host 'ncdap-tst1540.core.afcc.com(51515)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=RNTSTBC01.SVRCONN]],3=ncdap-tst1540.core.afcc.com(51515),5=RemoteConnection.analyseErrorSegment]


Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=RNTSTBC01.SVRCONN]

Issue/Introduction

How to reproduce the MQ SSL connection error "Channel negotiation failed" in a two way SSL. Attached the log trace.

Resolution

1).  Disable two way SSL on the MQ Server side.

- Find the channel used by the Connection Factory.
- Open the property page and then the "SSL" tab.
- Change the SSL Authentication from "must" to "optional".

2).  Give the correct identity for the "JMS Connection" connecting to MQ Server in the BW project.

- You could enable SSL trace and check "*** CertificateRequest" sent by the MQ Server to check if the "identity" activity is configured correctly.


java.property.TIBCO_SECURITY_VENDOR=j2se
java.property.javax.net.debug=ssl,plaintext,record,handshake

- Or enter the following lines in the tra file to set the keystore and import client identity to the jks file:


java.property.javax.net.ssl.keyStore=/apps/tibco/certs/MQClient.jks
java.property.javax.net.ssl.keyStorePassword=password
java.property.javax.net.ssl.keyStoreType=JKS


See the following attached files for reference.


- Channel_negotiation_failed_UseEMSClientP12_two_way_ssl_no_certificate_in_SSL_handshake.txt
- Channel_negotiation_failed.PNG
- Channel_negotiation_failed.xml

Additional Information

The expert MQ issue KB page :
http://www-01.ibm.com/support/docview.wss?uid=swg21614686
Check "Resolving the problem" and its "Cause 1".

Attachments

How to reproduce the MQ SSL connection error "Channel negotiation failed" in a two way SSL. Attached the log trace. get_app
How to reproduce the MQ SSL connection error "Channel negotiation failed" in a two way SSL. Attached the log trace. get_app
How to reproduce the MQ SSL connection error "Channel negotiation failed" in a two way SSL. Attached the log trace. get_app
Powered by Wolken Software