White Papers
Abstract
The objective of this technical document is to describe in detail how to configure the environment for two MQ users who will be using remote access to a queue manager that is using the MQ Advanced Message Security (AMS).
Content
This document shows how to perform a basic test using the following MQ samples which use remote network or client connection: amqsputc and amqsgetc by 3 users in 3 hosts:
- host-1 for the queue manager (QM_VERIFY_AMS in port 1456).
- host-2 for user ‘mary’ who will be authorized to put a message into a protected queue by AMS.
- host-3 for user ‘john’ who will be authorized to get a message from the protected queue.
- host-1 for the queue manager (QM_VERIFY_AMS in port 1456).
- host-2 for user ‘mary’ who will be authorized to put a message into a protected queue by AMS.
- host-3 for user ‘john’ who will be authorized to get a message from the protected queue.
Because the use or lack of use of encryption on the server-connection channel is not relevant for AMS (AMS protects messages at rest at the queue manager), then, in or-der to keep this tutorial short, the server-connection channel that is going to be used is NOT enabled for TLS.
However, the userid and password will be used when using the MQ samples amqsputc and amqsgetc.
However, the userid and password will be used when using the MQ samples amqsputc and amqsgetc.
.
The chapters in this techdoc are:
Chapter 1: Topology and Configuration
Chapter 2: Creating key database and certificates, host-2 (mary) / host-3 (john)
Chapter 3: Creating keystore.conf for each user
Chapter 4: Sharing Certificates
Chapter 5: Using amqsputc from host-2 and amqsgetc from host-3
The chapters in this techdoc are:
Chapter 1: Topology and Configuration
Chapter 2: Creating key database and certificates, host-2 (mary) / host-3 (john)
Chapter 3: Creating keystore.conf for each user
Chapter 4: Sharing Certificates
Chapter 5: Using amqsputc from host-2 and amqsgetc from host-3
.
++ Update on 07-Jun-2023:
- MQ 9.3.2 CD and MQ 9.3.0.2 LTS under RHEL 8.6 were used to validate the scenari-os.
- Minor corrections and improvements were done (Thank you Bob Gibson!)
.
- MQ 9.3.2 CD and MQ 9.3.0.2 LTS under RHEL 8.6 were used to validate the scenari-os.
- Minor corrections and improvements were done (Thank you Bob Gibson!)
.
++ Update on 30-Apr-2022:
- MQ 9.2.5 CD was used under RHEL 8.5 to validate the scenarios.
- Minor corrections and improvements were done (Thank you Bob Gibson!)
+ For the installation, configuration of AMS and initial testing of put/get using “bindings mode” (within the same host as the queue manager) see the following tutorial:
- Minor corrections and improvements were done (Thank you Bob Gibson!)
+ For the installation, configuration of AMS and initial testing of put/get using “bindings mode” (within the same host as the queue manager) see the following tutorial:
https://www.ibm.com/support/pages/node/598373
Installation, Configuration and Basic Test of MQ 9.0 Advanced Message Security (AMS) in Linux
Installation, Configuration and Basic Test of MQ 9.0 Advanced Message Security (AMS) in Linux
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z00000008QNAAY","label":"Security-\u003EAdvanced Message Security"}],"ARM Case Number":"TS003867461","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
07 June 2023
UID
ibm16244608