Queue manager attributes
WebSphere MQ SSL support includes the following parameters on the ALTER QMGR MQSC command:
For more information about setting these parameters with the ALTER QMGR MQSC command, refer to the WebSphere MQ Script (MQSC) Command Reference, which also describes when changes to the SSL queue manager attributes become effective.
- SSLKEYR
- Sets a queue manager attribute, SSLKeyRepository, which holds the name of the SSL key repository.
- SSLCRLNL
- Sets a queue manager attribute, SSLCRLNamelist, which holds the name of a namelist of authentication information objects.
- SSLCRYP
- Sets a queue manager attribute, SSLCryptoHardware, which holds the name of the parameter string required to configure the cryptographic hardware present on the system. This parameter applies only to Windows and UNIX queue managers.
- SSLTASKS
- Sets a queue manager attribute, SSLTasks, which holds the number of server subtasks to use for processing SSL calls. If you use SSL channels have at least two of these tasks. This parameter applies only to z/OS queue managers.
- SSLRKEYC
- Sets a numeric queue manager attribute called SSLKeyResetCount, the total number of unencrypted bytes that are sent and received within an SSL conversation before the secret key is renegotiated. The number of bytes includes control information sent by the message channel agent.
- SSLFIPS
- Specifies whether only FIPS-certified algorithms are to be used if cryptography is carried out in WebSphere MQ. If cryptographic hardware is configured, the cryptographic modules used are those provided by the hardware product, and these may, or may not, be FIPS-certified to a particular level. This depends on the hardware product in use. For more information about FIPS, see Federal Information Processing Standards (FIPS).
On i5/OS, we can also set the SSLKEYR and SSLCRLNL parameters with the CHGMQM command.
Parent topic:
WebSphere MQ SSL support
sy10950_