Bootstrap FreeKB - IBM MQ - Resolve "AMQ9771 SSL handshake failed"
IBM MQ - Resolve "AMQ9771 SSL handshake failed"
Updated:   |  IBM MQ articles

Let's say the IBM MQ log contains something like this.

AMQ9771: SSL handshake failed

 

For example, let's say a Java app is attempting to connect to IBM MQ. Following are the most probably things that would cause "AMQ9771 SSL handshake failed".

  • Incorrect SSL Cipher - If you have access to the IBM MQ system, use the display channel command to determine the name of the channel and the SSL cipher
  • The truststore being used does not contain a certificate that can be used in the SSL handshake with IBM MQ - - The Java keytool command can be used to list the certificates in the truststore
  • Incorrect truststore type - The Java keytool command can be used to determine the truststore type (JKS or PKCS12)
  • Incorrect truststore password - The Java keytool command can be used to determine if the password is valid for the truststore

You may also want to IBM MQ - SSL for more information on IBM MQ and SSL.

import java.util.Hashtable;
import com.ibm.mq.MQException;
import com.ibm.mq.MQQueueManager;
import com.ibm.mq.constants.MQConstants;
public class Main {
  public static void main(String[] args) throws MQException {
    Hashtable<String, Object> properties = new Hashtable<String, Object>();
   
    properties.put(MQConstants.HOST_NAME_PROPERTY, "your ibm mq server or cluster hostname");
    properties.put(MQConstants.PORT_PROPERTY, 1414); 
    properties.put(MQConstants.CHANNEL_PROPERTY, "your ibm mq channel"); 
    properties.put(MQConstants.USER_ID_PROPERTY, "your ibm mq username");
    properties.put(MQConstants.PASSWORD_PROPERTY, "your ibm mq password");
    properties.put(MQConstants.USE_MQCSP_AUTHENTICATION_PROPERTY, true);
    properties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, "SSL_RSA_WITH_AES_256_CBC_SHA256");

    System.setProperty("javax.net.ssl.trustStore", "C:\\Users\\john.doe\\cacerts");
    System.setProperty("javax.net.ssl.trustStoreType", "pkcs12");
    System.setProperty("javax.net.ssl.trustStorePassword", "itsasecret");

    try {
      MQQueueManager queueManagerConnection = new MQQueueManager("MANAGER01", properties);
      if (queueManagerConnection.isConnected()) {
        System.out.println("Successfully connected to CHANNEL01");
      }
      else {
        System.out.println("Failed to connect to CHANNEL01");
      }
      queueManagerConnection.disconnect();
      System.out.println("Successfully disconnected from queue manager MANAGER01");
    } catch (MQException e) {
      e.printStackTrace();
    }
  }
}

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 5e812a in the box below so that we can be sure you are a human.