Use the extended transactional client with TLS channels

We cannot set up an TLS channel using the xa_open string. Follow these instructions to use the client channel definition table (ccdt).


Because of the limited size of the xa_open xa_info string, it is not possible to pass all the information required to set up an TLS channel using the xa_open string method of connecting to a queue manager. Therefore we must either use the client channel definition table or, if your transaction manager allows, create the channel with MQCONNX before issuing the xa_open call.

To use the client channel definition table, follow these steps:


Procedure

  1. Specify an xa_open string containing only the mandatory qmname (queue manager name) parameter, for example: XA_Open_String=qmname=MYQM
  2. Use a queue manager to define a CLNTCONN (client-connection) channel with the required TLS parameters. Include the queue manager name in the QMNAME attribute on the CLNTCONN definition. This will be matched up with the qmname in the xa_open string.
  3. Make the CLNTCONN definition available to the client system in a client channel definition table (CCDT) or, on Windows, in the active directory.
  4. If we are using a CCDT, identify the CCDT containing the definition of the CLNTCONN channel using environment variables MQCHLLIB and MQCHLTAB. Set these variables in the environments used by both the client application and the transaction manager.


Results

This gives the transaction manager a channel definition to the appropriate queue manager with the TLS attributes needed to authenticate correctly, including SSLCIPH, the CipherSpec. Parent topic: Configure XA-compliant transaction managers