Use the Distinguished Name of the queue manager
The queue manager identifies itself using a TLS certificate, which contains a Distinguished Name (DN).
An IBM MQ .NET client application can use this DN to ensure that it is communicating with the correct queue manager. A DN pattern is specified using the sslPeerName variable of MQEnvironment. For example, setting:MQEnvironment.SSLPeerName = "CN=QMGR.*, OU=IBM, OU=WEBSPHERE";allows the connection to succeed only if the queue manager presents a certificate with a Common Name beginning QMGR., and at least two Organizational Unit names, the first of which must be IBM and the second WEBSPHERE.The SSLPeerName property can also be set using the MQC.SSL_PEER_NAME_PROPERTY in the hash table of connection properties. For more information about Distinguished Names and rules for setting peer names, refer to Securing.
If SSLPeerName is set, connections succeed only if it is set to a valid pattern and the queue manager presents a matching certificate.