External Integrations to IBM MQ
IBM® MQ-based integration is supported by IBM to integrate Sterling Order Management System with any external third-party system.
About this task
Access to MQ server within Sterling Order Management System environment is configured by using Mutual Authentication. MQ server is secured with Digicert Signed CA certificate and Client Authentication. Client Authentication is a process by which users or clients can securely access any services from a server by exchanging digital certificates.
To connect to the MQ server from any client for an external integration, you must configure the client with an SSL/TLS client certificate that is generated by using the Self Service, and configure the client to trust the Digicert Root.
Watch a video to learn how you can connect to the Sterling Order Management System queue manager.
Procedure
What to do next
- Cipher: MQ server runs with ANY_TLS1.2_OR_HIGHER. The ciphers that are included in ANY_TLS1.2_OR_HIGHER are:
  - ECDHE_RSA_AES_128_GCM_SHA256
  - ECDHE_RSA_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_256_GCM_SHA384
  - ECDHE_ECDSA_AES_128_GCM_SHA256
  - ECDHE_ECDSA_AES_256_GCM_SHA384
  - TLS_AES_128_GCM_SHA256
  - TLS_AES_256_GCM_SHA384
  - TLS_CHACHA20_POLY1305_SHA256
  - TLS_AES_128_CCM_SHA256
  You can use any cipher from this list to connect to MQ. For the cipher chosen, find the equivalent cipher suite for your Java from TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS.
  For example, if the client software supports ECDHE_RSA_AES_128_GCM_SHA256, then the compatible cipher for IBM JRE is SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and for Oracle JRE is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
- Queue Manager name: OM_QMGR
- CHANNEL: SYSTEM.TLS.SVRCONN
- Hostname: <tenant_code>-<env>-<envno>-mq.oms.supply-chain.ibm.com
  For example, if tenant code is betap, then host is betap-dev-1-mq.oms.supply-chain.ibm.com
- Port: 15443
Additional arguments
With the MQ client version 9.2.1 (CD version) and later, use the following JVM argument for Java-based clients or tools:
-Dcom.ibm.mq.cfg.SSL.outboundSNI=Hostname
If the third-party client or tool is C or .NET (Unmanaged), pass OutboundSNI=HOSTNAME in the SSL stanza of the mqclient.ini file. This attribute can be read by C, unmanaged .NET, IBM MQ classes for Java, and IBM MQ classes for JMS clients only.
Note: If you are using the Oracle JDK, pass the following JVM argument:
-Dcom.ibm.mq.cfg.useIBMCipherMappings=false
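The connection values and JVM arguments above, wired into a JMS client, as an added example that is not IBM's own sample code. The class name, the MQ_* environment variable names, and the keystore and truststore they point to are placeholders assumed for illustration; the host is the page's betap example.

```java
import javax.jms.Connection;
import javax.jms.JMSException;
import com.ibm.msg.client.jms.JmsConnectionFactory;
import com.ibm.msg.client.jms.JmsFactoryFactory;
import com.ibm.msg.client.wmq.WMQConstants;

// Launch (Oracle JRE shown; omit useIBMCipherMappings on an IBM JRE):
//   java -Dcom.ibm.mq.cfg.SSL.outboundSNI=Hostname \
//        -Dcom.ibm.mq.cfg.useIBMCipherMappings=false OmsMqTlsClient
public class OmsMqTlsClient {
    // Host from the page's example tenant "betap"; substitute your own.
    static final String HOST = "betap-dev-1-mq.oms.supply-chain.ibm.com";

    // Fail early with a clear message instead of a null system property.
    static String required(String envName) {
        String v = System.getenv(envName);
        if (v == null || v.isEmpty())
            throw new IllegalStateException("missing environment variable " + envName);
        return v;
    }

    // CipherSpec ECDHE_RSA_AES_128_GCM_SHA256 under the IBM and Oracle names.
    static String cipherSuite() {
        boolean ibmNames = !"false".equalsIgnoreCase(
                System.getProperty("com.ibm.mq.cfg.useIBMCipherMappings"));
        return ibmNames ? "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
                        : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    }

    public static void main(String[] args) throws JMSException {
        // Placeholder env var names (assumptions). Keystore: Self Service client
        // certificate and private key. Truststore: the DigiCert root.
        System.setProperty("javax.net.ssl.keyStore", required("MQ_KEYSTORE"));
        System.setProperty("javax.net.ssl.keyStorePassword", required("MQ_KEYSTORE_PASS"));
        System.setProperty("javax.net.ssl.trustStore", required("MQ_TRUSTSTORE"));
        System.setProperty("javax.net.ssl.trustStorePassword", required("MQ_TRUSTSTORE_PASS"));

        JmsConnectionFactory cf = JmsFactoryFactory
                .getInstance(WMQConstants.WMQ_PROVIDER).createConnectionFactory();
        cf.setStringProperty(WMQConstants.WMQ_HOST_NAME, HOST);
        cf.setIntProperty(WMQConstants.WMQ_PORT, 15443);
        cf.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, "OM_QMGR");
        cf.setStringProperty(WMQConstants.WMQ_CHANNEL, "SYSTEM.TLS.SVRCONN");
        cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);
        cf.setStringProperty(WMQConstants.WMQ_SSL_CIPHER_SUITE, cipherSuite());

        // createConnection() performs the TLS handshake; a certificate or
        // cipher mismatch surfaces here as a JMSException with a linked cause.
        try (Connection conn = cf.createConnection()) {
            conn.start();
            System.out.println("Connected to OM_QMGR over " + cipherSuite());
        }
    }
}
```

Reading the passwords from the environment keeps them out of the process command line, where -D arguments are visible to other local users.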