Verify task 3
If the sender channel was running and the REFRESH SECURITY TYPE(SSL) command was issued (in step 2), the channel will be restarted automatically. If the sender channel was not running, you will need to start it.
At the server end of the channel, the presence of the peer name parameter value on the channel status display indicates that a client certificate has flowed.
We can issue some DISPLAY commands to verify that the task has been completed successfully. If the task was successful, the resulting output will be similar to that shown in the following examples:
From the QMA queue manager, enter the following command:
DISPLAY CHS(TO.QMB) SSLPEER SSLCERTIThe resulting output will be similar to the following:dis chs(TO.QMB) SSLPEER SSLCERTI 4 : dis chs(TO.QMB) SSLPEER AMQ8417: Display Channel Status details. CHANNEL(TO.QMB) CHLTYPE(SDR) CONNAME(9.20.25.40) CURRENT RQMNAME(QMB) SSLCERTI("CN=WebSphere MQ CA,OU=WebSphere MQ Devt,O=IBM,ST=Hampshire,C=UK") SSLPEER("CN=QMB,OU=WebSphere MQ Development,O=IBM,ST=Hampshire,C=UK") STATUS(RUNNING) SUBSTATE(MQGET) XMITQ(QMB)From the QMB queue manager, enter the following command:
DISPLAY CHS(TO.QMB) SSLPEER SSLCERTIThe resulting output will be similar to the following:dis chs(TO.QMB) SSLPEER SSLCERTI 5 : dis chs(TO.QMB) SSLPEER SSLCERTI AMQ8417: Display Channel Status details. CHANNEL(TO.QMB) CHLTYPE(RCVR) CONNAME(9.20.35.92) CURRENT RQMNAME(QMA) SSLCERTI( ) SSLPEER( ) STATUS(RUNNING) SUBSTATE(RECEIVE) XMITQ( )On QMB, the SSLPEER field is empty, showing that QMA did not send a certificate. On QMA, the value of SSLPEER matches that of the DN in QMB’s personal certificate.
Parent topic:
Task 3: Anonymous queue managers
sy11890_