Setting Up WebSphere MQ Queue Manager

To create a secure connection to the WebSphere MQ queue manager, you are required to set up the WebSphere MQ queue manager.

This section introduces how to enable the WebSphere MQ queue manager to accept TLS connections by using the sample that is provided by the plug-in. You must create a keystore for the certificates and trusts used by the queue manager.

Note: These examples use self-signed certificates. Although self-signed certificates are acceptable in a development environment, they must never be used in production.

Procedure

  1. Create IBM keystores for the queue manager and client by using a given script in the plug-in samples directory. The following steps describe the configuration of the queue manager to use certificates generated by the script using the command: createQueueManagerKeystore.sh/var/mqm/qmgrs/qmwn/ssl qmwn password.
  2. Configure the queue manager to use generated keystore.
  3. Use the IBM Key Management tool to review the personal certificate name.
  4. Create a TLS connection for the queue manager.
  5. Verify that all SSL files can be read by the mqm group.

    Verify the security of all the files in the directory which you configured as the SSL Key Repository property of the queue manager are readable by the mqm group. This is the security group mqm that is created during the installation of WebSphere MQ on the platform. If they are not, adjust their access properties or the queue manager is not able to read them.

    The queue manager is now capable of making a secure connection with a client. Using the plug-in, you can now create a TLS-secured connection to the queue manager.