MQ SSL settings

After you create a WebSphere® MQ transport, you must configure SSL settings for it.

About this task

To enable and configure SSL settings for the transport, do the following steps:

Procedure

  1. Click the SSL tab.
    The MQ SSL page of the MQ transport.
  2. To enable SSL, select the Use MQ SSL check box.
    Field Description
    Peer Name The Distinguished Name (DN) of the queue manager to be used by SSL. The queue manager identifies itself using an SSL certificate, which contains a DN. HCL OneTest™ API can use this DN to ensure that it is communicating with the correct queue manager.

    In MQ, a DN pattern is specified by using the sslPeerName variable of MQEnvironment. Connections succeed only if Peer Name matches the pattern that is specified.

    Cipher Suite For encrypting the transport communication, select one of the cipher suites from the list or enter the name if it is not listed. For more information, see WebSphere MQ Knowledge Center.
    Note: Some newer cipher suites might require a specific version of Transport Layer Security (TLS) such as TLSv1.2. You can set the TLS version in Override default protocols as appropriate. Also, strong cipher suites require the addition of Unrestricted SDK JCE policy files to the HCL OneTest™ API Java installation. Download the policy files from the IBM sites, if necessary.
    Fips Required This option specifies whether the requested cipher suite must use FIPS-certified cryptography in WebSphere MQ.
    KeyResetCount The total number of non-encrypted bytes that can be sent and received within an SSL conversation before the secret key is renegotiated. If left blank or set to zero (default), the secret key is never renegotiated. This value is ignored if no cipher suite is specified. Valid values are integers 0 - 999,999,999.
    Note: KeyResetCount is not supported in WebSphere MQ 5.3.s but is supported in WebSphere MQ 6.0 (or later).
    Trust Store To enable server authentication, select the server identity store that was configured in the HCL OneTest™ API Physical View.
    Key Store To enable client authentication, select the client identity store that was configured in the HCL OneTest™ API Physical View.
    Override default protocols If you are required to use a specific version of the secure sockets protocol, such as SSLv2 or TLSv1.2, enter that algorithm name here. For a complete list of algorithms, see Standard Algorithm Name Documentation.
    Note: For more information, see HCL OneTest™ API reference.
Feedback