Specifying that an MQI channel uses SSL
For an MQI channel to use SSL, the value of the SSLCipherSpec attribute of the client-connection channel must be the name of a CipherSpec that is supported by WebSphere MQ on the client platform. You can define a client-connection channel with a value for this attribute in the following ways. They are listed in order of decreasing precedence.
- When a WebSphere MQ client application issues an MQCONNX call.
The application can specify the name of a CipherSpec in the SSLCipherSpec field of a channel definition structure, MQCD. This structure is referenced by the connect options structure, MQCNO, which is a parameter on the MQCONNX call.
- Using a client channel definition table.
One or more entries in a client channel definition table can specify the name of a CipherSpec. For example, if you create an entry by using the DEFINE CHANNEL MQSC command, you can use the SSLCIPH parameter on the command to specify the name of a CipherSpec.
- Using Active Directory on Windows.
On Windows systems with Active Directory, you can use the setmqscp control command to publish the client-connection channel definitions in Active Directory. One or more of these definitions can specify the name of a CipherSpec.
For example, if a client application provides a client-connection channel definition in an MQCD structure on an MQCONNX call, this definition is used in preference to any entries in a client channel definition table that can be accessed by the WebSphere MQ client.
Note that you cannot use the MQSERVER environment variable to provide the channel definition at the client end of an MQI channel that uses SSL.
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.