
 

Specifying that an MQI channel uses SSL

For an MQI channel to use SSL, the value of the SSLCipherSpec attribute of the client-connection channel must be the name of a CipherSpec that is supported by WebSphere MQ on the client platform. We can define a client-connection channel with a value for this attribute in the following ways. They are listed in order of decreasing precedence.

  1. When a WebSphere MQ client application issues an MQCONNX call.

    The application can specify the name of a CipherSpec in the SSLCipherSpec field of a channel definition structure, MQCD. This structure is referenced by the connect options structure, MQCNO, which is a parameter on the MQCONNX call.

  2. Using a client channel definition table.

    One or more entries in a client channel definition table can specify the name of a CipherSpec. For example, if we create an entry by using the DEFINE CHANNEL MQSC command, we can use the SSLCIPH parameter on the command to specify the name of a CipherSpec.

  3. Using Active Directory on Windows.

    On Windows systems, we can use the setmqscp control command to publish the client-connection channel definitions in Active Directory. One or more of these definitions can specify the name of a CipherSpec.

For example, if a client application provides a client-connection channel definition in an MQCD structure on an MQCONNX call, this definition is used in preference to any entries in a client channel definition table that can be accessed by the WebSphere MQ client.

Note that we cannot use the MQSERVER environment variable to provide the channel definition at the client end of an MQI channel that uses SSL.

To check whether a client certificate has flowed, display the channel status at the server end of the channel and check for the presence of a peer name parameter value.
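
The client channel definition table route and the peer name check, shown as an added example that is not part of the original page. The channel name, queue manager name, host and CipherSpec value are assumptions; use a CipherSpec that both ends support.

```mqsc
* Added example. APP1.SVRCONN, QM1, the host name and the CipherSpec
* are hypothetical values chosen for illustration.

* Server end: the server-connection channel. The CipherSpec must match
* the one on the client-connection channel. SSLCAUTH(REQUIRED) makes the
* queue manager refuse clients that do not send a certificate.
DEFINE CHANNEL(APP1.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED)

* Client end: the client-connection channel entry that goes into the
* client channel definition table, carrying the same CipherSpec.
DEFINE CHANNEL(APP1.SVRCONN) CHLTYPE(CLNTCONN) TRPTYPE(TCP) +
       CONNAME('mqhost.example.com(1414)') QMNAME(QM1) +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA)

* After the client has connected, at the server end: SSLPEER shows the
* distinguished name from the client certificate. An empty SSLPEER value
* means no client certificate flowed.
DISPLAY CHSTATUS(APP1.SVRCONN) SSLPEER
```

If the application also supplies an MQCD on MQCONNX, that definition takes precedence over this table entry, so the SSLCipherSpec it carries is the one that must match the server end.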



 
