The MQ on Cloud team continually looks to improve on and expand the reach of our product.
Due to popular demand, we are pleased to announce that MQ on Cloud is now publicly available in IBM Cloud US East (Washington DC) for our Default pay-as-you-go and Custom Enterprise plans. This additional US East region will also allow you better HA options in North America.
MQ on Cloud in US East is our first supported region that has fully automated certificate management. Queue manager default certificates are now renewed and made available using IBM Certificate Manager and Let's Encrypt ACME-protocol-based CA. Currently, other regions are still using DigiCert as a Certificate Authority but will be subject to change when those certificates get closer to expiry.
If you are currently utilising TLS or AMS using the IBM-provided certificate and are looking to migrate from another region to IBM Cloud US East, you will need to ensure that your client applications now trust the Let's Encrypt CA. Furthermore, if you are looking to connect applications to queue managers in both US East and in one of our other regions, you will need (for the time being) to have both the DigiCert and Let's Encrypt CA certificates present in your trust store.
Where the DigiCert certificates have a one-year expiration period, Let's Encrypt certificates have a life span of 90 days. This improves security but does have the side effect where if you explicitly trust the leaf, then you will need to update your trust store more regularly. In this case, we recommend that you trust the signing CA or utilise your own certificate, as documented in our certificate management policy.
While we haven't enabled the Lite plan in IBM Cloud US East, you are still able to access and explore the power of MQ in the cloud using our Lite plan in the following IBM Cloud locations:
- US South (Dallas)
- United Kingdom (London)
- Germany (Frankfurt)
- Australia (Sydney)