To send and receive messages through SSL:
Create a key repository for the connected queue manager that contains queue manager’s private key, and the digital certificate for Adaptive Server.
Create a key repository for Adaptive Server that contains the digital certificate for that Adaptive Server, as well as for the connected queue managers.
Create an SSL-enabled server connection channel on the connected queue manager.
Configure your key repository for Adaptive Server by using the sp_msgadmin 'config', 'ibmmq_keystore' stored procedure described in the sp_msgadmin in Chapter 3, “SQL Reference.”
This scenario shows how WebSphere MQ communicates both with and without SSL in RTDS.
There are two server connection channels on queue manager ‘BACH’; the first, ‘CH1’, is a normal connection while ‘CH2’ is configured to require SSL. The Cipher Spec for the channel is NULL_MD5. �
Send a message to the queue manager without enabling SSL:
select msgsend('a', "ibm_mq:CH1/tcp/host1(7654)?qmgr=BACH,queue=Q1')
Then send a message to the queue manager using the SSL protocol:�
Set up the key repositories for the queue manager and Adaptive Server seperately. The key database file for Adaptive Server is /var/mqm/clients/ssl/ASE.kdb. See your WebSphere MQ documentation from IBM for instructions on how to set up key repositories.�
Configure the key repository for Adaptive Server with:�
sp_msgadmin 'config', 'ibmmq_keystore', '/var/mqm/clients/ssl/ASE'
Send the message through SSL:�
select msgsend('e', 'ibm_mq:CH2(ssl:sslciph=NULL_MD5)
/tcp/host1(7654)?qmgr=BACH,queue=Q1')
