Professional Documents
Culture Documents
ICE MQ SSL Connectivity Technical In-Details
ICE MQ SSL Connectivity Technical In-Details
All digital certificates are stored in a key database file that is managed with iKeyman or
IKEYCMD. These digital certificates have labels. A specific label associates a personal
certificate with a queue manager or WebSphere MQ client. SSL uses that certificate for
authentication purposes. On UNIX, WebSphere MQ uses the ibmwebspheremq prefix on a
label to avoid confusion with certificates for other products.
** The prefix is followed by the name of the queue manager. Ensure that you specify the entire
certificate label in lower case.
Example: ibmwebspheremqyour_queue_manager_name
Before you execute following command, please make sure your environment variable
(JAVA_HOME) has been setup. Otherwise, you might see this error below.
“The Java Cryptographic Extension(JCE) files were not found. Please check that the JCE files
have been installed in the correct directory”
However, if your key data file was named 'myKey', then you need to change qmgr SSLKEYR
property:
change this:
SSLKEYR(/var/mqm/qmgrs/ACSQMGR/ssl/key)
To this:
SSLKEYR(/var/mqm/qmgrs/ACSQMGR/ssl/myKey)
gsk7cmd -keydb -create -db key.kdb -pw password -type cms -stash
Where:
Where:
Where:
Please send extracted certificate to ICE. Please copy your request to all email lists below for
all “key exchange” project requests.
ICE will respond to step 4 with a public key. Once you received ICE's public key, please add it
to your key database.
gsk7cmd –cert –add –db filename –pw password –label ibmwebspheremq$qmgr_name –file
file_name –format ascii
Where:
STOP CHANNEL($your_channel_name)
ALT CHANNEL($your_channel_name) CHLTYPE(SDR) SSLCIPH(RC4_MD5_US)
REFRESH SECURITY TYPE(SSL)
START CHANNEL($your_channel_name)
Reference:
IBM InfoCenter (MQ Security):
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp
Verisign:
https://knowledge.verisign.com/support/ssl-certificates-
support/index?page=content&id=AR230