Telemetry channel configuration for channel authentication using TLS
The IBM MQ administrator configures telemetry channels at the server. Each channel is configured to accept a TCP/IP connection on a different port number. TLS channels are configured with passphrase protected access to key files. If a TLS channel is defined with no passphrase or key file, the channel does not accept TLS connections.
Store the digital certificate of the server, signed with its private key, in the keystore that the telemetry channel is going to use at the server. Store any certificates in its key chain in the keystore, if you want to transmit the key chain to the client. Configure the telemetry channel using IBM MQ explorer to use TLS. Provide it with the path to the keystore, and the passphrase to access the keystore. If we do not set the TCP/IP port number of the channel, the TLS telemetry channel port number defaults to 8883.
We can also use TLS cipher suites for channel authentication. If you plan to use SHA-2 cipher suites, see System requirements for using SHA-2 cipher suites with MQTT channels.