Secure connections to an IBM MQ network
Connections between a WebSphere Application Server and an IBM MQ network can use the SSL protocol to increase the confidentiality and integrity of messages transferred between a messaging engine on a service integration bus and IBM MQ.
By default, new application servers are configured to accept inbound IBM MQ connections through two inbound transport chains. To read about inbound transport chains, see Inbound transport options. One of these chains is configured to accept SSL-based connections, making it possible to configure a sender channel in the IBM MQ network to connect through this channel chain and establish an SSL-based connection. For more information about securing IBM MQ sender channels, see the Security section of the IBM MQ information center. All IBM MQ interoperation resources hosted by an application server can be contacted by all inbound IBM MQ transports defined to that server, so we should restrict the inbound transports enabled. This is important because the default application server configuration has definitions for inbound IBM MQ transports that are not secured using SSL. See Secure transport configuration requirements).
When connecting a WAS to an IBM MQ queue manager or (for IBM MQ for z/OS ) queue sharing group through an IBM MQ link sender channel definition, we might choose to secure the link through SSL. This is achieved by specifying a suitable transport chain for the Transport chain property of the IBM MQ link sender channel definition. The name of the default SSL-based outbound transport chain suitable for securing an IBM MQ link sender channel is OutboundSecureMQLink. See Outbound transport options.