Error handling when using TLS with IBM MQ classes for Java

A number of reason codes can be issued by IBM MQ classes for Java when connecting to a queue manager using TLS.

These are explained in the following list:

    MQRC_SSL_NOT_ALLOWED
    The sslCipherSuite property was set, but bindings connect was used. Only client connect supports TLS.

    MQRC_JSSE_ERROR
    The JSSE provider reported an error that could not be handled by IBM MQ. This could be caused by a configuration problem with JSSE, or because the certificate presented by the queue manager could not be validated. The exception produced by JSSE can be retrieved using the getCause() method on MQException.

    MQRC_SSL_INITIALIZATION_ERROR
    An MQCONN or MQCONNX call was issued with TLS configuration options specified, but an error occurred during the initialization of the TLS environment.

    MQRC_SSL_PEER_NAME_MISMATCH
    The DN pattern specified in the sslPeerName property did not match the DN presented by the queue manager.

    MQRC_SSL_PEER_NAME_ERROR
    The DN pattern specified in the sslPeerName property was not valid.

    MQRC_UNSUPPORTED_CIPHER_SUITE
    The CipherSuite named in sslCipherSuite was not recognized by the JSSE provider. A full list of CipherSuites supported by the JSSE provider can be obtained by a program using the SSLSocketFactory.getSupportedCipherSuites() method. A list of CipherSuites that can be used to communicate with IBM MQ can be found in TLS CipherSpecs and CipherSuites in IBM MQ classes for Java.

    MQRC_SSL_CERTIFICATE_REVOKED
    The certificate presented by the queue manager was found in a CRL specified with the sslCertStores property. Update the queue manager to use trusted certificates.

    MQRC_SSL_CERT_STORE_ERROR
    None of the supplied CertStores could be searched for the certificate presented by the queue manager. The MQException.getCause() method returns the error that occurred while searching the first CertStore attempted. If the causal exception is NoSuchElementException, ClassCastException, or NullPointerException, check that the Collection specified on the sslCertStores property contains at least one valid CertStore object.

Parent topic: Transport Layer Security (TLS) support in IBM MQ classes for Java