The MQ Agent fails to connect to the MQ Server when using SSL set to Required Client Authentication.
When the SSL channel is configured for non-required client authentication, it allows full connectivity, but when the channel is set to required client authentication the connection fails.
Note that the functionality works even when not using SSL.
When SHA or MD5 is configured on channel APM.SSL.SVRCONN, the Client/MQ server connection negotiation throws a JSSE exception. This occurs even when the MQ server certificate has been added to the client and the client certificate has been added to the server.
The following messages are logged in the Agent Log:
ERROR] [com.wily.powerpack.websphereMQ.agent.MQMonitor.TracerDriverThread] MQMonitor: For configuration instance MQAPMTST@test_dev_machine and the drivers(namelist,cluster) an error occurred in sending query to MQ. The target MQ (test_dev_machine:port#) may be down. Reason code 2397 MQRC_JSSE_ERROR
$ openssl s_client -connect test_dev_machine :port# -prexit CONNECTED(00000003)
14815:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188