The SSL in WebSphere MQ
Message channels and MQI channels can use the SSL protocol to provide link level security.
A caller MCA is an SSL client and a responder MCA is an SSL server. WebSphere MQ supports Version 3.0 of the SSL protocol. You specify the cryptographic algorithms that are used by the SSL protocol by supplying a CipherSpec as part of the channel definition.
At each end of a message channel, and at the server end of an MQI channel, the MCA acts on behalf of the queue manager to which it is connected.
During the SSL handshake, the MCA sends the digital certificate of the queue manager to its partner MCA at the other end of the channel. The WebSphere MQ code at the client end of an MQI channel acts on behalf of the user of the WebSphere MQ client application. During the SSL handshake, the WebSphere MQ code sends the user's digital certificate to the MCA at the server end of the MQI channel.
Digital certificates are stored in a key repository.
The queue manager attribute SSLKeyRepository specifies the location of the key repository that holds the queue manager's digital certificate.
On a WebSphere MQ client system, the MQSSLKEYR environment variable specifies the location of the key repository that holds the user's digital certificate.
Alternatively, a WebSphere MQ client application can specify its location in the KeyRepository field of the SSL configuration options structure, MQSCO, on an MQCONNX call.
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.