Ensuring security in any cloud-based software service is always of maximum importance.
IBM MQ on Cloud is continually working on maintaining a reliable and secure environment. As part of our continual rollout of queue manager upgrades, we are always looking for ways to improve the experience for our users, ensuring security of queue managers and that data is never compromised.
TLS enabled by default on all new MQ on Cloud queue managers
TLS security will now be enabled by default on both of the predefined application channels on all MQ on Cloud queue managers running version 9.2.2 revision 1 or above. The predefined channels ‘CLOUD.ADMIN.SVRCONN’ and ‘CLOUD.APP.SVRCONN’ are now configured to use SSL cipher specification ‘ANY_TLS12_OR_HIGHER’. All applications connecting to a queue manager using a TLS-enabled channel must trust the Let’s Encrypt CA certificate from the queue manager in order to successfully connect.
How to connect admin applications to a TLS-enabled queue manager
To connect using an administration client, such as MQ Explorer or runmqsc, you will need some additional configuration to connect via the predefined channels.
Here are links to relevant topics that will walk you through how to connect administrative applications to your cloud queue manager using TLS:
When configuring additional application channels, it is highly recommended to use TLS channels in order to protect credentials and data between applications and queue managers. It is, therefore, strongly advised that if you create user-defined channels in your MQ on Cloud queue manager, to consider enabling TLS on them and following our detailed guides on how to configure your applications to form a secure connection.