Configure MQ Light clients with TLS

We can configure MQ Light clients to use TLS to protect data flowing across the network and to authenticate the identity of the queue manager the client connects to.

To use TLS for the connection from an MQ Light client to an AMQP channel, you must ensure the queue manager has been configured to TLS. Configure TLS on queue managers describes how to configure the keystore that a queue manager reads TLS certificates from.

When the queue manager has been configured with a keystore, you must configure the TLS attributes on the AMQP channel that clients will connect to. AMQP channels have four attributes related to TLS configuration as follows:

SSLCAUTH

The SSLCAUTH attribute is used to specify whether the queue manager should require an MQ Light client to present a client certificate to verify its identity.

SSLCIPH

The SSLCIPH attribute specifies the cipher the channel should use to encode data in the TLS flow.

SSLPEER

The SSLPEER attribute is used to specify the distinguished name (DN) a client certificate must match if a connection is to be allowed.

CERTLABL

The CERTLABL specifies the certificate the queue manager should present to the client. The queue manager's keystore can contain multiple certificates. This attribute allows you to specify the certificate to be used for connections to this channel. If no CERTLABL is specified, the certificate in the queue manager key repository with the label corresponding to the queue manager CERTLABL attribute is used.

When we have configured your AMQP channel with the TLS attributes, you must restart the AMQP service using the following command:

STOP SERVICE(SYSTEM.AMQP.SERVICE) START SERVICE(SYSTEM.AMQP.SERVICE)

When an MQ Light client connects to an AMQP channel protected by TLS, the client verifies the identity of the certificate presented by the queue manager. To do this you must configure your MQ Light client with a truststore containing the queue manager's certificate. The steps to do this vary depending on the MQ Light client you are using.

• For the MQ Light client for Node JS API documentation, see https://www.npmjs.com/package/mqlight
• For the MQ Light client for Java API documentation, see http://mqlight.github.io/java-mqlight/
• For the MQ Light client for Ruby documentation, see http://www.rubydoc.info/github/mqlight/ruby-mqlight/
• For the MQ Light client for Python documentation, see http://python-mqlight.readthedocs.org/en/latest/