MQ v8: SSL connection in Managed MQ .NET
Sudhanshu Pant
MQ v8 introduces support for secure SSL connections to the queue manager from managed .NET clients. Prior to MQ v8, MQ .NET supported SSL connections in unmanaged mode only, which is based on the MQI C client libraries (and GSKit). That is, the SSL operations were handled by the C client libraries, outside the scope of the .NET CLR, so the connection could not be called managed, and the facilities the .NET CLR provides, such as memory management and exception management, were not used. To make better use of what the .NET CLR offers, MQ v8 introduced SSL connections in the managed .NET client.
The MQ v8 managed .NET client supports all the major secure socket protocols, including SSLv3, TLSv1.0 and TLSv1.2. You can read more information about this here.
IBM MQ ships a number of samples that demonstrate creating SSL connections to a queue manager in .NET managed mode. To run a sample, follow the configuration steps below:
- Go to Start->Run->mmc. This opens the Microsoft Management Console.
- Click File->Add/Remove Snap-ins, or press Ctrl+M.
- Select "Certificates" from the left-hand side of the dialog box and click the "Add" button, which opens a new pop-up window for selecting the account you want to import your certificate into.
- You can choose either "My user account" or "Computer account". Click Next and then Finish. You should now see "Certificates" under Selected snap-ins.
- Click OK to open the Certificate Management Console.
- To add the client-side certificate (PKCS12 format), right-click the Personal store and choose All Tasks->Import.
- Go to Star
- Expand the "Computer Configuration -> Administrative Templates -> Network".
- Click "SSL Configuration Settings", then double-click "SSL Cipher Suite Order" to set the desired cipher spec for the MQ channel.
- Select "Enabled" and enter the name of the cipher spec you want to use in the "SSL Cipher Suites" box. Restart the system for the changes to take effect.
With this, your server-side and client-side configuration is done.
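A pre-flight check for the certificate import steps above, as an added example that is not part of the original post or of IBM's samples: it lists the Personal store of the account that the key repository value selects and reports, for each certificate, whether the private key came across with the PKCS12 import, whether it is within its validity period, and how it is signed. The class name and the `*SYSTEM` value for the computer account are assumptions not taken from this page.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example, not IBM sample code.
static class MqClientCertCheck
{
    // "*USER" is the key repository value the article passes to -k.
    // "*SYSTEM" for the computer account is an assumption, not from the page.
    static StoreLocation ToLocation(string keyRepository)
    {
        switch (keyRepository.ToUpperInvariant())
        {
            case "*USER": return StoreLocation.CurrentUser;
            case "*SYSTEM": return StoreLocation.LocalMachine;
            default: throw new ArgumentException("expected *USER or *SYSTEM");
        }
    }

    static int Main(string[] args)
    {
        string repo = args.Length > 0 ? args[0] : "*USER";
        // StoreName.My is the "Personal" store shown in the Certificates snap-in.
        var store = new X509Store(StoreName.My, ToLocation(repo));
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        int usable = 0;
        try
        {
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time too
            foreach (X509Certificate2 cert in store.Certificates)
            {
                bool inDate = cert.NotBefore <= now && now <= cert.NotAfter;
                Console.WriteLine(cert.Subject);
                Console.WriteLine("  friendly name : '{0}'", cert.FriendlyName);
                // False here means only the public certificate was imported.
                Console.WriteLine("  private key   : {0}", cert.HasPrivateKey);
                Console.WriteLine("  valid         : {0:u} .. {1:u} (in date: {2})",
                    cert.NotBefore, cert.NotAfter, inDate);
                // An MD5 or SHA-1 signature is worth replacing before go-live.
                Console.WriteLine("  signature     : {0}", cert.SignatureAlgorithm.FriendlyName);
                if (cert.HasPrivateKey && inDate) usable++;
            }
        }
        finally { store.Close(); }
        Console.WriteLine("{0} certificate(s) with private key and in date in {1}", usable, repo);
        return usable > 0 ? 0 : 1; // non-zero exit when nothing usable was found
    }
}
```

Run it as the same Windows account that will run the MQ client, because the user-account store is per user.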
To run a Sample program say SimplePut.cs (inside C:\Program Files\IBM\WebSphere MQ\T
C:\Program Files\IBM\WebSphere MQ\T
(If your key repository is under the user account, you can give *USER for the '-k' parameter.) The output looks like below: