Server-to-server message channel interception example configurations
Server-to-server message channel interception requires configuration of channel definitions, as well as Advanced Message Security policies, to ensure that inbound and outbound messages can be correctly protected or unprotected. The configuration varies depending on whether the channel is inbound or outbound.
Inbound channel
The following example shows a typical configuration for an inbound channel of type receiver, and provides details of the AMS policy required to protect unprotected inbound messages: The example shows:- Queue manager QMA
- Channel TO.QMA
- Local queue DESTQ
Use the following code:
DEFINE CHANNEL(TO.QMA) CHLTYPE(RCVR) SSLCAUTH(REQUIRED) SSLCIPH(ANY_TLS12) TRPTYPE(TCP) SPLPROT(ASPOLICY) DEFINE QLOCAL(DESTQ) DESCR(‘AMS PROTECTED QUEUE') setmqspl -m QMA -p DESTQ -e AES256 -r CN=TEST,O=ORG,C=USNote: The policy described in the preceding text encrypts messages only; that is, AMS Confidentiality.
See setmqspl and the message security policy (CSQ0UTIL) for information on using setmqspl on z/OS .
Outbound channel
The following example shows a typical configuration for an outbound channel of type sender. The example provides details of the AMS policies required to protect messages put to the remote queue, and to unprotect and send messages got from the transmission queue: The example shows a:- Queue manager QMA
- Channel TO.BP
- Local transmission queue TO.BP.XMITQ
- Remote queue REMOTE.BPQ
use the following code:
DEFINE CHANNEL(TO.BP) CHLTYPE(SDR) SSLCAUTH(REQUIRED) SSLCIPH(ANY_TLS12) TRPTYPE(TCP) SPLPROT(REMOVE) CONNAME(‘server(1414)') XMITQ(TO.BP.XMITQ) DEFINE QLOCAL(TO.BP.XMITQ) DESCR(‘TRANSMISSION QUEUE FOR TO.BP') USAGE(XMITQ) DEFINE QREMOTE(REMOTE.BPQ) DESCR(‘REMOTE QUEUE TO BP') RNAME(BP.LOCALQ) RQMANME(BPQM) XMITQ(TO.BP.XMITQ) setmqspl -m QMA -p TO.BP.XMITQ -e AES256 -r CN=TEST,O=ORG,C=US setmqspl -m QMA -p REMOTE.BPQ -e AES256 -r CN=TEST,O=ORG,C=USNote: The policy described in the preceding text encrypts messages only; that is, AMS Confidentiality. Parent topic: Security scenarios