Secure connections to a WebSphere MQ network
Connections between a WAS and a WebSphere MQ network can use the SSL protocol to increase the confidentiality and integrity of messages transferred between a messaging engine on a service integration bus and WebSphere MQ.
By default, new application servers are configured to accept inbound WebSphere MQ connections through two inbound transport chains. To read about inbound transport chains, see Inbound transport options. One of these chains is configured to accept SSL-based connections, making it possible to configure a sender channel in the WebSphere MQ network to connect through this channel chain and establish an SSL-based connection. For more information about securing WebSphere MQ sender channels, see the Security section of the WebSphere MQ information center. All WebSphere MQ interoperation resources hosted by an application server can be contacted by all inbound WebSphere MQ transports defined to that server, so you should restrict the inbound transports that are enabled. This is important because the default application server configuration has definitions for inbound WebSphere MQ transports that are not secured using SSL. For more information, see Secure transport configuration requirements).
When connecting a WAS to a WebSphere MQ queue manager or (for WebSphere MQ for z/OS ) queue sharing group through a WebSphere MQ link sender channel definition, you might choose to secure the link through SSL. This is achieved by specifying a suitable transport chain for the Transport chain property of the WebSphere MQ link sender channel definition. The name of the default SSL-based outbound transport chain suitable for securing a WebSphere MQ link sender channel is OutboundSecureMQLink. For more information, see Outbound transport options.