Error handling when using TLS with IBM MQ classes for Java
A number of reason codes can be issued by IBM MQ classes for Java when connecting to a queue manager using TLS.
These are explained in the following list:
- MQRC_SSL_NOT_ALLOWED
  - The sslCipherSuite property was set, but bindings connect was used. Only client connect supports TLS.
- MQRC_JSSE_ERROR
  - The JSSE provider reported an error that could not be handled by IBM MQ. This could be caused by a configuration problem with JSSE, or because the certificate presented by the queue manager could not be validated. The exception produced by JSSE can be retrieved using the getCause() method on MQException.
- MQRC_SSL_INITIALIZATION_ERROR
  - An MQCONN or MQCONNX call was issued with TLS configuration options specified, but an error occurred during the initialization of the TLS environment.
- MQRC_SSL_PEER_NAME_MISMATCH
  - The DN pattern specified in the sslPeerName property did not match the DN presented by the queue manager.
- MQRC_SSL_PEER_NAME_ERROR
  - The DN pattern specified in the sslPeerName property was not valid.
- MQRC_UNSUPPORTED_CIPHER_SUITE
  - The CipherSuite named in sslCipherSuite was not recognized by the JSSE provider. A full list of CipherSuites supported by the JSSE provider can be obtained by a program using the SSLSocketFactory.getSupportedCipherSuites() method. A list of CipherSuites that can be used to communicate with IBM MQ can be found in TLS CipherSpecs and CipherSuites in IBM MQ classes for Java.
- MQRC_SSL_CERTIFICATE_REVOKED
  - The certificate presented by the queue manager was found in a CRL specified with the sslCertStores property. Update the queue manager to use trusted certificates.
- MQRC_SSL_CERT_STORE_ERROR
  - None of the supplied CertStores could be searched for the certificate presented by the queue manager. The MQException.getCause() method returns the error that occurred while searching the first CertStore attempted. If the causal exception is NoSuchElementException, ClassCastException, or NullPointerException, check that the Collection specified on the sslCertStores property contains at least one valid CertStore object.
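
The following sketch is an added example, not IBM's own code: it maps each reason code in the list above to a diagnosis and surfaces the JSSE or CertStore cause through getCause(). The host name, channel, queue manager name, CipherSuite, and peer DN are placeholder values, and the "do not retry" wording for the peer-name and revocation cases is this example's own policy choice.

```java
import com.ibm.mq.MQException;
import com.ibm.mq.MQQueueManager;
import com.ibm.mq.constants.MQConstants;
import java.util.Arrays;
import java.util.Hashtable;
import javax.net.ssl.SSLSocketFactory;
public class TlsConnectDiagnostics {
    // Turns a TLS-related MQException into an operator-facing message.
    static String diagnose(MQException e) {
        Throwable cause = e.getCause(); // underlying JSSE/CertStore exception; may be null
        switch (e.reasonCode) {
            case MQConstants.MQRC_SSL_NOT_ALLOWED:
                return "sslCipherSuite is set on a bindings connection; use client connect";
            case MQConstants.MQRC_JSSE_ERROR:
                return "JSSE error (check JSSE config and queue manager certificate): " + cause;
            case MQConstants.MQRC_SSL_INITIALIZATION_ERROR:
                return "TLS environment failed to initialize: " + cause;
            case MQConstants.MQRC_SSL_PEER_NAME_MISMATCH:
                return "queue manager DN does not match sslPeerName; do not retry";
            case MQConstants.MQRC_SSL_PEER_NAME_ERROR:
                return "sslPeerName is not a valid DN pattern";
            case MQConstants.MQRC_UNSUPPORTED_CIPHER_SUITE:
                return "CipherSuite not recognized by JSSE; provider supports: " + Arrays.toString(
                    ((SSLSocketFactory) SSLSocketFactory.getDefault()).getSupportedCipherSuites());
            case MQConstants.MQRC_SSL_CERTIFICATE_REVOKED:
                return "queue manager certificate is listed in a CRL; do not retry";
            case MQConstants.MQRC_SSL_CERT_STORE_ERROR:
                return "no CertStore could be searched (check sslCertStores): " + cause;
            default:
                return "not a TLS reason code from this list: " + e.reasonCode;
        }
    }
    public static void main(String[] args) {
        Hashtable<String, Object> props = new Hashtable<>();
        // All connection values below are placeholders for illustration.
        props.put(MQConstants.TRANSPORT_PROPERTY, MQConstants.TRANSPORT_MQSERIES_CLIENT);
        props.put(MQConstants.HOST_NAME_PROPERTY, "mq.example.com");
        props.put(MQConstants.PORT_PROPERTY, 1414);
        props.put(MQConstants.CHANNEL_PROPERTY, "APP.TLS.SVRCONN");
        props.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, "TLS_AES_256_GCM_SHA384");
        props.put(MQConstants.SSL_PEER_NAME_PROPERTY, "CN=QM1,O=Example");
        try {
            MQQueueManager qm = new MQQueueManager("QM1", props);
            qm.disconnect();
        } catch (MQException e) {
            System.err.println(diagnose(e));
        }
    }
}
```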