Message Channel Agent (MCA) interception and AMS
MCA interception enables a queue manager running under IBM® MQ to selectively enable policies to be applied for server connection channels.
MCA interception allows clients that remain outside AMS to still be connected to a queue manager and their messages to be encrypted and decrypted.
MCA interception is intended to provide AMS capability when AMS cannot be enabled at the client. Note that using MCA interception and an AMS-enabled client leads to double-protection of messages which might be problematic for receiving applications. For more information, see Disabling Advanced Message Security at the client.
Keystore configuration file
By default, the keystore configuration file for MCA interception is
keystore.conf
and is located in the .mqs directory in the HOME
directory path of the user who started the queue manager or the listener. The keystore can also be
configured by using the MQS_KEYSTORE_CONF environment variable. For more information about
configuring the AMS keystore, see Using keystores and certificates with AMS.
To enable MCA interception, you must provide the name of a channel that you want to use in the keystore configuration file. For MCA Interception, only a cms keystore type can be used.
See MCA interception example for AMS for an example of setting up MCA interception.
If your enterprise uses IBM i, and you selected a commercial Certificate Authority (CA) to sign your certificate, the Digital Certificate Manager creates a certificate request in PEM (Privacy-Enhanced Mail) format. You must forward the request to your chosen CA.
channelname
:
pem.certificate.channel.channelname