SSLPEERNAME
The SSLPEERNAME attribute is used to check the Distinguished Name (DN) of the certificate from the peer queue manager.
In IBM MQ .NET, applications can use SSLPEERNAME to specify a distinguished name pattern as shown in the following example.SSLPEERNAME(CN=QMGR.*, OU=IBM, OU=WEBSPHERE)
As for other IBM MQ clients, SSLPEERNAME is an optional parameter.
If SSLPEERNAME value is not set, the IBM MQ.NET managed client does not do any Remote(Server) certificate validation and the managed client just accepts the Remote(/server) certificate as-is.
The way in which you set SSLPEERNAME depends on which of the IBM MQ stack offerings we are using.
- IBM MQ classes for .NET
- There are three options as follows.
- Set MQEnvironment.SSLPeerName in the MQEnvironment class.
- MQEnvironment.properties.Add(MQC.SSL_PEER_NAME_PROPERTY, value)
- Use the queue manager constructor MQQueueManager (String queueManagerName, Hashtable properties). Supply the SSLPEERNAME in the Hashtable properties as for option 2.
- XMS .NET
- Set the SSL peer name in the connection factory:
ConnectionFactory.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, value);
- WCF
- Include SslPeerName as a semicolon separated field in the URI.
Parent topic: TLS support for the managed .NET client
Related information