Migrating Windows Secure Sockets Layer (SSL) connections

 

This section deals with migrating Windows Secure Sockets Layer (SSL) connections from WebSphere MQ V5.3 to WebSphere MQ V6.0.

 

General Introduction

WebSphere MQ V6.0 provides the Global Security Toolkit (GSKit) on Windows platforms for improved SSL (Secure Sockets Layer) support for queue manager and WebSphere MQ client channels. Follow the guidance in this section to determine whether WebSphere MQ V5.3 queue managers or clients have been set up to use SSL connections, and to ensure these channels continue to work with WebSphere MQ V6.0. The migration process causes a copy of the certificates stored in the WebSphere MQ Certificate Stores used by WebSphere MQ V5.3, to be migrated to a GSKit Key database.

 

Points to consider

 

Certificates that are not migrated

A number of certificates are not migrated during this process. These are:

 

Types of certificate migration

There are two types of certificate migration.

Automatic migration has the advantage that you do not need to specify the location and names for all the WebSphere MQ Certificates Stores and their corresponding GSKit key databases for all the queue managers and the clients as this is derived from the information gathered during the pre-installation processing.

 

Friendly Name attribute

In the WebSphere MQ Certificate Store file there is one certificate assigned to the queue manager or client. During migration, the copy of this certificate is modified before it is imported into the GSKit database. The modification sets the certificate's Friendly Name attribute to the string ibmwebspheremq followed in lower case by the queue manager name or the client logon ID. The previous Friendly Name value, if any, is lost. This Friendly Name value becomes the label of the certificate in the GSKit key database.

 

Working with migrated certificates

When WebSphere MQ V6.0 has been fully installed, and the certificates from the WebSphere MQ Certificate Stores have been migrated to the GSKit database, we can use the IBM Key Management (iKeyman) utility to view and manage your certificates. Full details of the iKeyman utility can be found in the WebSphere MQ Security book.

 

Parent topic:

Migration Information


mi10240_