There are quite a few useful utilities that run on windows that can be used to administer MQ queue managers, I have been using several of them. BUt what if you need to perform administration on a queue manager that has a high level of security, and can only be accessed over an SSL channel ? I have my queue managers on AIX, z/OS, and Tandem. I administer them from windows desktops that typically have MQ client and one or more utility programs on them. Here is what I have found when trying to connect to a queue manager over a SVRCONN channel that has a CipherSpec specified:
- MQ/Explorer works OK. You have to set up a jks keystore on windows. With certificates on either side, and the public part of each certificate moved to the other side, I am able to use an SSL channel with a CipherSpec of DES_SHA_EXPORT.
- MO71 works in a similar manner. I had set up a .kdb and a .jks keystores, I think MO71 is using the kdb.
- amqsputc works OK from a DOS window. You have to set up a CCDT on the client side.
Here are a couple I have not been able to get to work. Commercequest Queue Tool, and RFHUTIL. They both allow the SSL channel name to be specified when attempting a connect ( similarly to MO71 and MQ/Explorer )
So, here is my question. Has anyone been able to successfully get either of these 2 utility programs to connect to a remote queue manager over an SSL channel ? Are there any additional steps I need to take ?