Topic
  • 1 reply
  • Latest Post - ‏2013-04-29T20:55:54Z by fjb_saper
peterfa
peterfa
38 Posts

Pinned topic MQ Administration over SSL

‏2013-04-24T12:07:21Z |

There are quite a few useful utilities that run on windows that can be used to administer MQ queue managers, I have been using several of them. BUt what if you need to perform administration on a queue manager that has a high level of security, and can only be accessed over an SSL channel ? I have my queue managers on AIX, z/OS, and Tandem. I administer them from windows desktops that typically have MQ client and one or more utility programs on them. Here is what I have found when trying to connect to a queue manager over a SVRCONN channel that has a CipherSpec specified:

  • MQ/Explorer works OK. You have to set up a jks keystore on windows. With certificates on either side, and the public part of each certificate moved to the other side, I am able to use an SSL channel with a CipherSpec of DES_SHA_EXPORT.
  • MO71 works in a similar manner. I had set up a .kdb and a .jks keystores, I think MO71 is using the kdb.
  • amqsputc works OK from a DOS window. You have to set up a CCDT on the client side.

Here are a couple I have not been able to get to work. Commercequest Queue Tool, and RFHUTIL. They both allow the SSL channel name to be specified when attempting a connect ( similarly to MO71 and MQ/Explorer )

So, here is my question. Has anyone been able to successfully get either of these 2 utility programs to connect to a remote queue manager over an SSL channel ? Are there any additional steps I need to take ?

Thanks.

  • fjb_saper
    fjb_saper
    175 Posts

    Re: MQ Administration over SSL

    ‏2013-04-29T20:55:54Z  

    On RFHUtil look at the connection button (far right ,button first tab, middle section. YOu should then see a tab with all the fields required for SSL. Don't forget to check SSL required off when no longer needed.