The Secure Sockets Layer in WebSphere MQ

 

Message channels and MQI channels can use the SSL protocol to provide link-level security. A caller MCA is an SSL client and a responder MCA is an SSL server. WebSphere MQ supports V3.0 of the SSL protocol. You specify the cryptographic algorithms that are used by the SSL protocol by supplying a CipherSpec as part of the channel definition. See Channel attributes for more information about specifying CipherSpecs.

WebSphere MQ also supports V1.0 of the Transport Layer Security (TLS) protocol, as described in Transport Layer Security (TLS) concepts.

At each end of a message channel, and at the server end of an MQI channel, the MCA acts on behalf of the queue manager to which it is connected. During the SSL handshake, the MCA sends the digital certificate of the queue manager to its partner MCA at the other end of the channel. The WebSphere MQ code at the client end of an MQI channel acts on behalf of the user of the WebSphere MQ client application. During the SSL handshake, the WebSphere MQ code sends the user's digital certificate to the MCA at the server end of the MQI channel.

Note that queue managers and WebSphere MQ client users are not required to have personal digital certificates associated with them when they are acting as SSL clients, unless SSLCAUTH(REQUIRED) is specified at the server side of the channel.

Digital certificates are stored in a key repository. The queue manager attribute SSLKeyRepository specifies the location of the key repository that holds the queue manager's digital certificate. On a WebSphere MQ client system, the MQSSLKEYR environment variable specifies the location of the key repository that holds the user's digital certificate. Alternatively, a WebSphere MQ client application can specify its location in the KeyRepository field of the SSL configuration options structure, MQSCO, on an MQCONNX call. See WebSphere MQ SSL support for more information about key repositories and how to specify where they are located.
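The following check is an added example, not part of the WebSphere MQ documentation. It scans channel definitions for the two settings described above: a missing CipherSpec (SSLCIPH) and SSLCAUTH(OPTIONAL). The sample text is constructed in the style of runmqsc DISPLAY CHANNEL output, and the channel names are made up.

```python
import re

# Constructed sample in the style of runmqsc
# "DISPLAY CHANNEL(*) CHLTYPE SSLCIPH SSLCAUTH" output (channel names are made up).
SAMPLE = """\
AMQ8414: Display Channel details.
   CHANNEL(APP1.SVRCONN)                   CHLTYPE(SVRCONN)
   SSLCAUTH(REQUIRED)                      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA)
AMQ8414: Display Channel details.
   CHANNEL(APP2.SVRCONN)                   CHLTYPE(SVRCONN)
   SSLCAUTH(OPTIONAL)                      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA)
AMQ8414: Display Channel details.
   CHANNEL(QM2.TO.QM1)                     CHLTYPE(RCVR)
   SSLCAUTH(REQUIRED)                      SSLCIPH( )
AMQ8414: Display Channel details.
   CHANNEL(QM1.TO.QM2)                     CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA)
"""

# Matches one ATTRIBUTE(value) pair; a blank value is shown as "( )".
ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")

def parse_channels(text):
    """Split the output into one attribute dict per AMQ8414 stanza."""
    channels = []
    for stanza in re.split(r"^AMQ8414:.*$", text, flags=re.M):
        attrs = {key: value.strip() for key, value in ATTR.findall(stanza)}
        if "CHANNEL" in attrs:
            channels.append(attrs)
    return channels

def audit(text):
    """Return (channel, finding) pairs for channels with weak SSL settings."""
    findings = []
    for ch in parse_channels(text):
        name = ch["CHANNEL"]
        if not ch.get("SSLCIPH"):
            # A blank CipherSpec means the channel does not use SSL or TLS.
            findings.append((name, "no CipherSpec"))
        elif ch.get("SSLCAUTH") == "OPTIONAL":
            # The SSL client may connect without presenting a certificate.
            findings.append((name, "partner certificate not required"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
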

 
