java.lang.SecurityException when executing IBM Websphere runmqckm command

I am trying to set up SSL for an IBM MQ server, and when I execute the command

runmqckm -keydb -create -db keydb.kdb -pw password -type cms -expire 1500 -stash

as one of the steps, it fails with the following exception.

Exception in thread "main" java.lang.ExceptionInInitializerError
    at java.lang.J9VMInternals.ensureError(J9VMInternals.java:186)
    at java.lang.J9VMInternals.recordInitializationFailure(J9VMInternals.java:175)
    at javax.crypto.Mac.getInstance(Unknown Source)
    at com.ibm.security.cmskeystore.FileHeaderHashGeneratorFactory$FileHeaderHashGeneratorV4Impl.generateHash(FileHeaderHashGeneratorFactory.java:145)
    at com.ibm.security.cmskeystore.CMSKeyStoreSpi.engineLoad(CMSKeyStoreSpi.java:1206)
    at java.security.KeyStore.load(KeyStore.java:1226)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreProxyCreatorFactory$FileKeyStoreProxy.performLoad(KeyStoreProxyCreatorFactory.java:304)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreProxyCreatorFactory$CMSKeyStoreProxy.performLoad(KeyStoreProxyCreatorFactory.java:437)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreProxyCreatorFactory$FileKeyStoreProxy.load(KeyStoreProxyCreatorFactory.java:253)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreProxyCreatorFactory$AbstractKeyStoreProxy.getKeyStore(KeyStoreProxyCreatorFactory.java:193)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory.getCMSKeyStoreItem(KeyStoreItemFactory.java:323)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory.newCMSKeyStoreItem(KeyStoreItemFactory.java:294)
    at com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory.createKeyStore(KeyStoreItemFactory.java:115)
    at com.ibm.gsk.ikeyman.command.CommandFactory$CreateDbCommand.run(CommandFactory.java:402)
    at com.ibm.gsk.ikeyman.command.Command.invoke(Command.java:203)
    at com.ibm.gsk.ikeyman.ikeycmd.main(ikeycmd.java:62)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    at javax.crypto.b.<clinit>(Unknown Source)
    ... 14 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
    at javax.crypto.b.a(Unknown Source)
    at javax.crypto.b.c(Unknown Source)
    at javax.crypto.b.access0(Unknown Source)
    at javax.crypto.b$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(AccessController.java:333)
    ... 15 more

My Websphere and Java version information is as follows

Websphere

Name:        WebSphere MQ
Version:     8.0.0.2
Level:       p800-002-150519.TRIAL
BuildType:   IKAP - (Production)
Platform:    WebSphere MQ for Linux (x86-64 platform)
Mode:        64-bit
O/S:         Linux 2.6.32-504.el6.x86_64
InstName:    Installation1
InstDesc:    
Primary:     Yes
InstPath:    /opt/mqm
DataPath:    /var/mqm
MaxCmdLevel: 801
LicenseType: Production

Java

java version "1.7.0_80"
Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)

Can anyone help me resolve this issue?

I figured out the solution myself and am posting it below for others' future reference.

  1. https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=jcesdk.

  2. Download the IBM Unrestricted SDK JCE policy files.
  3. Copy the local_policy.jar and US_export_policy.jar files to the <mq_installation_path>/java/jre64/jre/lib/security folder.

  4. Grant the mqm user ownership of, and execute permission on, both files.
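
A post-copy check for steps 3 and 4 of the answer above, as an added example that is not part of the original answer: it confirms that both policy jars are present in the security folder, owned by the expected user, readable by that owner, and not group- or world-writable. The function name `check_policy_jars`, the default owner `mqm` (taken from step 4) and the writability check are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the two JCE policy jars after copying them.
# Usage: check_policy_jars <security_dir> [owner]
#   e.g. check_policy_jars /opt/mqm/java/jre64/jre/lib/security
# Assumption: owner defaults to mqm; a numeric uid is also accepted.
check_policy_jars() {
    dir=$1
    owner=${2:-mqm}
    rc=0

    # Resolve the expected owner to a numeric uid.
    case $owner in
        *[!0-9]*)
            want_uid=$(id -u "$owner" 2>/dev/null) || {
                echo "FAIL: user $owner does not exist" >&2
                return 2
            } ;;
        *)  want_uid=$owner ;;
    esac

    for jar in local_policy.jar US_export_policy.jar; do
        f=$dir/$jar
        if [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty" >&2
            rc=1
            continue
        fi
        # ls -ldn prints: mode links uid gid size ...
        set -- $(ls -ldn "$f")
        mode=$1
        have_uid=$3
        if [ "$have_uid" != "$want_uid" ]; then
            echo "FAIL: $f owned by uid $have_uid, expected $want_uid" >&2
            rc=1
        fi
        case $mode in
            -r*) ;;
            *) echo "FAIL: $f not readable by its owner ($mode)" >&2; rc=1 ;;
        esac
        # Character 6 is group write, character 9 is world write.
        case $mode in
            ?????w*|????????w*)
                echo "FAIL: $f is group- or world-writable ($mode)" >&2
                rc=1 ;;
        esac
    done
    return $rc
}
```

A zero exit status means both jars passed every check; it does not validate the jar signatures themselves, which the JCE framework checks when `runmqckm` starts.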