IBM MQ 9.1 is EOS 30th September 2023.Click EOS notice for more details
Connecting two queue managers using one-way authentication
Follow these sample instructions to modify a system with mutual authentication to allow a
queue manager to connect using one-way authentication to another; that is, when the SSL/TLS client
does not send a certificate.
Key repositories and channels are changed as illustrated in Figure 1
If the sender channel was not running, start it.
Note: If the sender channel was running and you issued the REFRESH SECURITY TYPE(SSL) command (in step 2), the channel restarts automatically.
At the server end of the channel, the presence of the peer name parameter value on the channel status display indicates that a client certificate has flowed.
Verify that the task has been completed successfully by issuing some DISPLAY commands.
If the task was successful, the resulting output is similar to that shown in the following examples:
From the QM1 queue manager, enter the following command:
DISPLAY CHS(TO.QM2) SSLPEER SSLCERTI
The resulting output will be similar
to the following example:
On QM2, the SSLPEER field is empty, showing that QM1 did not send a certificate. On QM1, the value
of SSLPEER matches that of the DN in QM2's personal certificate.