WebSphere MQ queue connection factory custom properties

 

To set custom properties of a queue connection factory for use with the WebSphere MQ JMS provider....

Console | Resources | WebSphere MQ JMS Provider | WebSphere MQ Queue Connection Factories | connection_factory | Custom Properties

You can define the following WebSphere MQ SSL properties if you set the property Transport type=CLIENT on the connection factory.

SSLCIPHERSUITE The cipher suite to use for SSL connection.

Set this property to a valid cipher suite provided by your JSSE provider; it must match the CipherSpec named on the SVRCONN channel named by the Channel property.

You must set this property if the SSLPEERNAME is to be set.

SSLCRL A list of zero or more CRL (Certificate Revocation List) servers used to check for SSL certificate revocation. (Use of this property requires a WebSphere MQ JVM at Java 2 version 1.4.)

The value is a space-delimited list of entries of the form

ldap://hostname:[port]

optionally followed by a single / (forward slash). If port is omitted, the default LDAP port of 389 is assumed. At connect-time, the SSL certificate presented by the server is checked against the specified CRL servers.

SSLPEERNAME For SSL, a distinguished name skeleton that must match the name provided by the WebSphere MQ queue manager. The distinguished name is used to check the identifying certificate presented by the server at connect-time.

If SSLPEERNAME is not set, such checking is performed. SSLPEERNAME is ignored if SSLCIPHERSUITE is not specified.

The SSLPEERNAME property is a list of attribute name and value pairs separated by commas or semicolons. For example

SSLPEERNAME(CN=QMGR.*, OU=IBM, OU=WEBSPHERE)

The example given checks the identifying certificate presented by the server at connect-time. For the connection to succeed, the certificate must have a Common Name beginning QMGR., and must have at least two Organizational Unit names, the first of which is IBM and the second WEBSPHERE. Checking is not case-sensitive.