JMS Connection Issue To Websphere MQ Via SSL Caused by: java.io.IOException: Invalid keystore format (Doc ID 2374725.1)

Last updated on AUGUST 17, 2023

Applies to:

Symptoms

JMS connection issue to Websphere MQ via SSL

WebLogic platform Middleware upgrade involves the connection to WebsphereMQ interface via SSL which gets an update from 7.0.1.4a to 8.0.0.5a and has been encrypted via SSL. At this update some SSL Ciphers are eliminated as insecure, that we need to change to TLS_RSA_WITH_AES_256_CBC_SHA256. Since this change we have difficulties to establish the SSL connection in direction WebsphereMQ. The required MQ client java libs (providerutil.jar, fscontext.jar, com.ibm.mqjms.jar and com.ibm.mq.jmqi.jar) have been copied from the 8 version in the DOMAIN/lib directory. The aforementioned Cipher have been entered in the template for the .bindings file and Dcom.ibm.mq.cfg.useIBMCipherMappings=false configured as Java-Arg. The client-certificate is stored in a JCEKS Keystore. In the server log we see then, that the connection attempt fails and as a cause a 'Caused by: java.io.IOException: Invalid keystore format' occurs. However, we do not have a plausible explanation for it..

Complete error:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.