WebSphere MQ SSL or TLS to the rescue!
tamekawoody 110000RMF4 Visits (2422)
When you are sending messages between queue managers or between clients and queue managers, most of the time there is a need to provide Secure Sockets Layer (SSL) / Transport Layer Security (TLS) in your environment. This type of security has keys that encrypt and decrypt the messages to ensure its integrity as it moves within the network. Thus the message is unable to be tampered with which could cause unwanted harm.
There are different ways to secure WebSphere MQ, such as using security exits or user security. However, when you use SSL/TLS security, you are using a more secure level. Although, you do not need to have an external well known certificate authority such as Versign, it is widely respected as being very secure. There are options to use an in-house certificate authority. You can also use self-signed certificates, although they are recommended for testing purposes.
Prior to configuring SSL/TLS, you should determine whether you will use one-way or two-way authentication. Let me attempt to clarify what this decision means. And no, it does not mean you are sending messages from system A to system B and from system B to system A. It is strictly dealing with one sender-receiver channel pair going between system A(sender) and system B(receiver):
Although in the above example, we continued to mention a receiver channel. This receiver channel can technically be of type receiver, server-connection, server, requester, or cluster receiver.
Once you have obtained your certificates, there are a few other items that should be configured:
For detailed information on configuring SSL, please see the following resources: