Scenarios: Getting started with MQIPT

The scenarios in this section show you how to set up some simple IBM MQ Internet Pass-Thru configurations. We can also use these tasks to confirm that the product has been installed successfully.

Before you begin

Before you start to use the scenarios in this section, make sure that the following prerequisites have been completed:

• You are familiar with defining queue managers, queues, and channels on IBM MQ.
• You have already installed an IBM MQ client and server.
• MQIPT is installed in a directory called C:\mqipt on Windows systems. (The examples are written for Windows systems but will run on any of the supported platforms.)
• The client, server, and each instance of MQIPT are installed on separate computers.
• You are familiar with putting messages on a queue by using the amqsputc command.
• You are familiar with getting messages from a queue using the amqsgetc command.
• You are familiar with setting client authorities in IBM MQ.

On the IBM MQ server, complete the following tasks:

• Define a queue manager called MQIPT.QM1.
• Define a server connection channel called MQIPT.CONN.CHANNEL.
• Define a local queue called MQIPT.LOCAL.QUEUE.
• Start a TCP/IP listener for MQIPT.QM1 on port 1414. If port 1414 is already in use by another application choose a free port address and substitute it in the following examples.
• Ensure that connection authentication and channel authentication is configured to allow client connections from the client machine with your user ID. If connection authentication is set to require a user ID and password for client connections, you will need to set the MQSAMP_USER_ID environment variable to the user ID to be used for connection authentication before running the amqsputc and amqsgetc commands.

After we have done this, we can test the route from the IBM MQ client to the queue manager by putting a message on the local queue of the queue manager, by using the amqsputc command, and then retrieving it, by using the amqsgetc command.

Edit the mqipt.conf file as follows:

• Copy mqiptSample.conf, which we can find in the MQIPT installation directory, to mqipt.conf in your chosen MQIPT home directory. The following scenarios use C:\mqiptHome as the MQIPT home directory.
• Create two directories alongside mqipt.conf named errors and logs. Set the file permissions on these directories so that they are writeable by the user ID that will run MQIPT.
• Delete all routes from the mqipt.conf file.
• In the remaining [global] section, check that the following entries exist, adding them if necessary, and set them to the following values:
  • ClientAccess is set to true.
  • Destination is set to the network address of your queue manager. We can specify either a host name or an IP address.
  • DestinationPort is set to the port number used by your queue manager.

The following scenarios are described in this section:

• Scenario: Verifying that MQIPT is working correctly
• Scenario: Creating a key-ring file
• Scenario: Creating test certificates
• Scenario: Authenticating an SSL/TLS server
• Scenario: Authenticating an SSL/TLS client
• Scenario: Configuring an HTTP proxy
• Scenario: Configuring access control
• Scenario: Configuring a SOCKS proxy
• Scenario: Configuring a SOCKS client
• Scenario: Configuring MQIPT clustering support
• Scenario: Allocating port numbers
• Scenario: retrieving CRLs by using an LDAP server
• Scenario: running MQIPT in SSL/TLS proxy mode
• Scenario: running MQIPT in SSL/TLS proxy mode with a security manager
• Scenario: Apache rewrite
• Scenario: Using a security exit
• Scenario: Routing client connection requests to IBM MQ queue manager servers by using security exits
• Scenario: Dynamically routing client connection requests
• Scenario: Using a certificate exit to authenticate an SSL/TLS server