Create the channels to use TLS
Create a new channel that uses TLS to create a connection.
Before starting
To communicate over a channel that uses TLS, you must first have the required certificates for each end of the connection. To create the required certificates, follow the instructions in Preparing the queue managers to use TLS.
About this task
Use the MQSC interface to define channels with TLS attributes set. Because the definitions use the REPLACE keyword, you can do this task even if you defined your channels without TLS in a prior step.
Procedure
- On the command line, type:
  runmqsc QM1
- Create the sender channel on QM1, called TO.QM2. In the MQSC interface, type:
  DEFINE CHANNEL(TO.QM2) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME('remoteHost') XMITQ(QM2) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) DESCR('Sender channel using TLS from QM1 to QM2') REPLACE
  Note: The variable remoteHost is the host name or IP address of the target queue manager.
  You can specify a CERTLABL attribute for the channel. If you do, it must match the value on the -label parameter of the runmqckm command that you previously ran in step 3 of Preparing the queue managers to use TLS. For more information on certificate labels, see Digital certificate labels, understanding the requirements.
- Type end to exit the MQSC interface.
- On the command line, type:
  runmqsc QM2
- Create a receiver channel on QM2, called TO.QM2. In the MQSC interface, type:
  DEFINE CHANNEL(TO.QM2) CHLTYPE(RCVR) TRPTYPE(TCP) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(REQUIRED) DESCR('Receiver channel using TLS from QM1 to QM2') REPLACE
- Type end to exit the MQSC interface.
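The following is an added example, not part of the original procedure or of IBM MQ: a Python check that parses the two DEFINE CHANNEL statements above and reports where the sender and receiver definitions disagree before they are typed into runmqsc. The function names are hypothetical, and the check assumes both ends name the same CipherSpec and that SSLCAUTH(REQUIRED) is written out explicitly, as in this procedure.

```python
import re

# The two definitions from the procedure; 'remoteHost' is the page's placeholder.
SENDER = ("DEFINE CHANNEL(TO.QM2) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME('remoteHost') "
          "XMITQ(QM2) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) "
          "DESCR('Sender channel using TLS from QM1 to QM2') REPLACE")
RECEIVER = ("DEFINE CHANNEL(TO.QM2) CHLTYPE(RCVR) TRPTYPE(TCP) "
            "SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(REQUIRED) "
            "DESCR('Receiver channel using TLS from QM1 to QM2') REPLACE")

# KEYWORD(value): value is a quoted string ('' escapes a quote) or a bare token.
ATTR = re.compile(r"(\w+)\(\s*('(?:[^']|'')*'|[^()\s]*)\s*\)")

def parse_define(stmt):
    """Return {KEYWORD: value} for one DEFINE CHANNEL statement."""
    if not re.match(r"\s*DEFINE\s+CHANNEL\s*\(", stmt, re.IGNORECASE):
        raise ValueError("not a DEFINE CHANNEL statement")
    attrs = {}
    for key, val in ATTR.findall(stmt):
        if val.startswith("'"):
            val = val[1:-1].replace("''", "'")   # quoted: case is preserved
        else:
            val = val.upper()                    # unquoted MQSC text folds to upper case
        attrs[key.upper()] = val
    return attrs

def check_pair(sender_stmt, receiver_stmt):
    """List the problems found in a sender/receiver pair (hypothetical checker)."""
    s, r = parse_define(sender_stmt), parse_define(receiver_stmt)
    problems = []
    if (s.get("CHLTYPE"), r.get("CHLTYPE")) != ("SDR", "RCVR"):
        problems.append("expected CHLTYPE(SDR) on the sender and CHLTYPE(RCVR) on the receiver")
    if s.get("CHANNEL") != r.get("CHANNEL"):
        problems.append("channel names differ between the two ends")
    for side, attrs in (("sender", s), ("receiver", r)):
        if not attrs.get("SSLCIPH", "").strip():
            problems.append(f"{side}: SSLCIPH is missing or blank, so no TLS is requested")
    # Assumption: both ends name the same CipherSpec, as the procedure does.
    if s.get("SSLCIPH") != r.get("SSLCIPH"):
        problems.append("SSLCIPH differs between the two ends")
    # Assumption: SSLCAUTH(REQUIRED) must be written out, as the procedure does.
    if r.get("SSLCAUTH") != "REQUIRED":
        problems.append("receiver: SSLCAUTH(REQUIRED) is not set explicitly")
    return problems

if __name__ == "__main__":
    for line in check_pair(SENDER, RECEIVER) or ["pair is consistent"]:
        print(line)
```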
What to do next
To verify that the source queue manager can send messages to the target queue manager using TLS, follow the instructions in Verify the solution.