IBM Support

Using SSL TLS in MQ 9.3 to connect a JMS client to a queue manager in Linux, using self-signed certificates, 2-way authentication

Question & Answer


Question

The objective of this document is to provide step-by-step details to:
- connect an MQ JMS client
- to a single-instance queue manager running in Linux,
- using self-signed certificates (OK for Test queue managers, but not for Production, because no Certification Authority is involved, that is, no root certificates),
- using 2-way authentication (the client authenticates the queue manager, and the queue manager authenticates the client),
- using runmqckm (iKeycmd) from the command line, that is, not using the strmqikm (iKeyman) GUI.
For illustration purposes, the following CipherSpec will be used:
TLS 1.3 compliant: TLS_AES_128_GCM_SHA256
 

Answer

+++ See attached PDF file:
+ Provided sample:
The Java GitHub sample SSLSampleJMS.java is used for testing because it does not require a CCDT.
https://github.com/ibm-messaging/mq-tls-ssl-wizard/blob/master/com.ibm.mq.ssl-wizard/src/tlswizard/samples/SSLSampleJMS.java#L1
GitHub, SSLSampleJMS for IBM MQ
 
You can download the following zip or tar.gz file:
Windows:
Linux:
The zip / tar.gz files, available on the web page shown at the top of this cover page, include the modified source code (the "package" statement was commented out) and the compiled class file of the modified code:
   SSLSampleJMS.java
   SSLSampleJMS.class
 
DISCLAIMER: All source code and/or binaries attached to this document are referred to here as "the Program". IBM is not providing program services of any kind for the Program. IBM is providing the Program on an "AS IS" basis without warranty of any kind. IBM WILL NOT BE LIABLE FOR ANY ACTUAL, DIRECT, SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), EVEN IF IBM, OR ITS RESELLER, HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 
+ Tags:
DetailedJMSException; JMSWMQ0018; MQException; JMSCMQ0001; 2397; MQRC_JSSE_ERROR; JmqiException; AMQ9204; AMQ9771; SSL handshake failed; SSLException; java.security.InvalidAlgorithmParameterException; the trustAnchors parameter must be non-empty; javax.net.ssl.trustStore; trustStore; Angel Rivera; Rich Montjoy; "MQ SSL"; "MQ TLS"; MQSSL; MQTLS
+++ end +++

Document Information

Modified date:
15 March 2024

UID

ibm17142241