sslCipherSpec property" /> Enabling SSL

 

Enabling SSL

SSL is supported only for client connections. To enable SSL, specify the CipherSpec to use when communicating with the queue manager, and this must match the CipherSpec set on the target channel.

To enable SSL, specify the CipherSpec using the SSLCipherSpec static member variable of MQEnvironment. The following example attaches to a SVRCONN channel named SECURE.SVRCONN.CHANNEL, which has been set up to require SSL with a CipherSpec of NULL_MD5:

MQEnvironment.Hostname         = "your_hostname";
MQEnvironment.Channel          = "SECURE.SVRCONN.CHANNEL";
MQEnvironment.SSLCipherSpec    = "NULL_MD5";
MQEnvironment.SSLKeyRepository = @"C:\mqm\key";
MQQueueManager qmgr = new MQQueueManager("your_Q_manager");

See Appendix A. SSL CipherSpecs supported by WebSphere MQ for a list of CipherSpecs.

The SSLCipherSpec property can also be set using the MQC.SSL_CIPHER_SPEC_PROPERTY in the hash table of connection properties.

To successfully connect using SSL, the client key store must be set up with Certificate Authority root certificates chain from which the certificate presented by the queue manager can be authenticated. Similarly, if SSLClientAuth on the SVRCONN channel has been set to MQSSL_CLIENT_AUTH_REQUIRED, the client key store must contain an identifying personal certificate that is trusted by the queue manager.


csqzav0542