ПОДКЛЮЧЕНИЕ к IBM MQ CLOUD

Я пытаюсь настроить ssl / tls между приложением и облаком, следуя этому https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_jms_tls.

Когда sslauth установлен как optional на канале приложения cloud mq CLOUD.APP.SVRCONN, я могу отправлять и получать сообщения.

Я загрузил сертификат и добавил его в хранилище доверенных сертификатов, используя следующую команду.

keytool -importcert -alias DigiCertRootCA -file qmgrcert.pem -keystore truststore.jks

Я передаю это фабрике соединений через sslcontext. (обратите внимание, что вся эта настройка работала с экземпляром docker ibmmq)

Код, с которым я пытаюсь это сделать, следующий.

            // Load in the keystore for SSL certificates
            FileInputStream keyStoreInputStream = new FileInputStream("/other/dev/MQ/keystore.jks");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keyStoreInputStream, ("changeit").toCharArray());

            keyStoreInputStream.close();

            // Create a keyManager that can select the certificate with the correct alias
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, ("changeit").toCharArray());
            // final X509KeyManager defaultKm = (X509KeyManager)keyManagerFactory.getKeyManagers()[0];
            // X509KeyManager aliasKeyManager = new AliasKeyManagerWrapper(defaultKm, "server-certificate");

            // Create an SSLSocketFactory
            FileInputStream myKeys = new FileInputStream("truststore.jks");

            // Do the same with your trust store this time
            // Adapt how you load the keystore to your needs
            KeyStore myTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            myTrustStore.load(myKeys, "changeit".toCharArray());

            myKeys.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(myTrustStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

            // Get an SSLSocketFactory to pass to WMQ
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

            MQConnectionFactory cf = new MQConnectionFactory();
            // set "client" connection mode for remote queue manager, as opposed to attempting to connect to a local queue manager
            cf.setTransportType(WMQConstants.WMQ_CM_CLIENT);

            cf.setSSLSocketFactory(sslSocketFactory);

Я получаю следующую ошибку:

yatish.kadam@YKADAM-LT01:/other/dev/MQ$ java -Dcom.ibm.mq.cfg.useIBMCipherMappings=false -cp ./com.ibm.mq.allclient-9.1.4.0.jar:./javax.jms-api-2.0.1.jar:. com.ibm.mq.samples.jms.JmsPutGet
com.ibm.msg.client.jms.DetailedIllegalStateRuntimeException: JMSWMQ0018: Failed to connect to queue manager 'removed' with connection mode 'Client' and host name 'host name removed(31201)'.
Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.

Я использую oracle java .. 1.8 .. ibmmq version9 ...

Команда, которую я использую для запуска программы ...

java -Dcom.ibm.mq.cfg.useIBMCipherMappings=false -cp ./com.ibm.mq.allclient-9.1.4.0.jar:./javax.jms-api-2.0.1.jar:. com.ibm.mq.samples.jms.JmsPutGet

ошибка в ibmmq

----- amqrmrsa.c : 961 --------------------------------------------------------
05/31/20 18:57:58 - Process(984.8768) User(mqm) Program(amqrmppa)
                    Host() Installation(Installation1)
                    VRMF(9.1.5.0) QMgr()
                    Time(2020-05-31T18:57:58.942Z)
                    RemoteHost()
                    ArithInsert1(414)
                    CommentInsert1(????)
                    CommentInsert2(????)
                    CommentInsert3()

AMQ9633E: Bad SSL certificate for channel '????'.
EXPLANATION:
A certificate encountered during SSL handshaking is regarded as bad for one of
the following reasons: 
(a) it was formatted incorrectly and could not be validated 
(b) it was formatted correctly but failed validation against the Certification
  Authority (CA) root and other certificates held on the local system 
(c) it was found in a Certification Revocation List (CRL) on an LDAP server 
(d) a CRL was specified but the CRL could not be found on the LDAP server 
(e) an OCSP responder has indicated that it is revoked 
The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The remote host is ''. The channel did not start. 
The details of the certificate which could not be validated are '????'. 
The certificate validation error was 0.
ACTION:
Check which of the possible causes applies on your system. Correct the error,
and restart the channel. 
This error might indicate that the remote end of the channel is configured to
send the wrong certificate. Check the certificate label configuration at the
remote end of the channel and ensure that the local key repository contains all
of the necessary CA certificates.
----- amqccisa.c : 8421 ---------------------------

Содержимое хранилища ключей:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

digicertrootca, May 31, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4
digicertrootca11, May 31, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): 26:26:F7:42:08:95:39:27:8D:66:B6:51:49:12:D3:93:CA:2E:E1:9E
digicertrootca3, May 31, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36