IBM Support

MQ and SSL/TLS Demystified Part 1: Troubleshooting MQ Certificate Issues

White Papers


The objective of this technical document is to provide information on Troubleshooting MQ SSL/TLS issues. In this Part 1, we will deal specifically with SSL Keystore and certificate issues.


Table of Contents:

Part 1 - Troubleshooting MQ certificate issues
Some MQ SSL Basics
SSL Server/Client
A simplistic view of a certificate
Basic MQ Management commands
Simplified MQ certificate process
Troubleshooting Keystore/Certificate issues
I - Certificate keystore exists and is valid/accessible
II - Certificates exist, Certificate names are correct
III - Certificate chain to a CA Root certificate exists and is valid
IV - Certificates are marked as "Trusted"
V - Certificate dates are good.
VI - Certificates are not revoked.
VII - Remote certificate passed during SSL negotiation is validated.
VIII – Ensure the correct signer certificates were exchanged
Diagnostics to collect if IBM support needed: (for SSL keystore/certificate issue)
Related Links and Information


[{"Product":{"code":"SSFKSJ","label":"WebSphere MQ"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"SSL","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0;7.5;7.1","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSYHRD","label":"IBM MQ"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018