Using the distinguished name of the queue manager in IBM MQ classes for Java

The queue manager identifies itself using an SSL certificate, which contains a distinguished name (DN). An IBM® MQ classes for Java client application can use this DN to ensure that it is communicating with the correct queue manager.

A DN pattern is specified using the sslPeerName variable of MQEnvironment. For example, setting:


MQEnvironment.sslPeerName = "CN=QMGR.*, OU=IBM, OU=WEBSPHERE";

allows the connection to succeed only if the queue manager presents a certificate with a Common Name beginning QMGR., and at least two Organizational Unit names, the first of which must be IBM and the second WebSphere®.

If sslPeerName is set, connections succeed only if it is set to a valid pattern and the queue manager presents a matching certificate.

An application can also specify the distinguished name of the queue manager by setting the environment property CMQC.SSL_PEER_NAME_PROPERTY. For more information about distinguished names, see Distinguished names.