Home

 

SSL Peer (SSLPEER)

 

The SSLPEER attribute is used to check the Distinguished Name (DN) of the certificate from the peer queue manager or client at the other end of a WebSphere MQ channel. If the DN received from the peer does not match the SSLPEER value, the channel does not start.

SSLPEER is an optional attribute. If a value is not specified, the peer DN is not checked when the channel is started.

On z/OS the maximum length of the attribute is 256 bytes. On all other platforms it is 1024 bytes.

On z/OS the attribute values used are not checked. If you input incorrect values, the channel fails at startup, and error messages are written to the error log at both ends of the channel. A Channel SSL Error event is also generated at both ends of the channel. On platforms that support SSLPEER, other than z/OS, the validity of the string is checked when it is first input.

We can specify a value for SSLPEER on a non-SSL channel definition, one on which SSLCIPH is missing or blank. We can use this to temporarily disable SSL for debugging without having to clear and later reinput the SSL parameters.

For more information on using SSLPEER, see WebSphere MQ Script (MQSC) Command Reference and WebSphere MQ Security.

This attribute is valid for all channel types.

 

Parent topic:

Channel attributes in alphabetical order


ic12060_


 

Home