
How to add message-level security in C# for IBM WebSphere MQ


Steps I have done:

    1) In the Server, I have installed IBM WebSphere MQ v7.5.0.2 with AMS component enabled. 

    2) In the Server, I have configured the below:
        a) Created New Queue Manager and Queue.
        b) Created Listener.TCP
        c) Created required Server-Connection Channel and Client-Connection Channel. 
        d) Configured Server-Connection Channel to accept SSL(TLS_RSA_WITH_AES_128_CBC_SHA256).
        e) Created the Self-Signed Certificate at Client and Server.
        f) Using the below C# code, I am able to connect to the Remote Queue Manager using CCDT.
        g) I am able to connect successfully to the Remote Queue Manager (AND) I am able to put a 
           message to the queue.  
        h) I am able to Browse the message in the WebSphere MQ Explorer in Server.
        i) I believe now my Transport Level Security is done. 
        j) But now I need to enable Message Level Security for all the incoming/outgoing messages from 
           that Server-Connection Channel which is configured with SSL.

    3) I have the below few questions, please help to clarify:
        a) How and where to configure the keystore.conf using the .NET environment?
        b) How and where to configure the Message Level Security for every message that is incoming/outgoing from the SSL
           Connection configured channel?
        c) How and where to configure Online Certificate Status Protocol (OCSP)?
        d) How and where to configure Certificate Revocation List (CRL) for certificate validation?

Sample C# Code:

    using System;
    using System.Collections;
    using IBM.WMQ;

    // sslKeyRepository is a string field defined elsewhere in the class.
    public void TestSSLConnectionWithCCDT()
    {
        try
        {
            // Tell the client where the CCDT file lives and what it is called.
            Environment.SetEnvironmentVariable("MQCHLLIB", @"C:\Program Files (x86)\IBM\WebSphere MQ\ssl");
            Environment.SetEnvironmentVariable("MQCHLTAB", "AMQCLCHL.TAB");

            Hashtable props = new Hashtable();
            // Unmanaged client mode: the .NET classes call into the C client.
            props.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
            props.Add(MQC.SSL_CERT_STORE_PROPERTY, sslKeyRepository);
            MQQueueManager qMgr = new MQQueueManager("QM1", props);
            MQQueue queue1 = qMgr.AccessQueue("Q1", MQC.MQOO_OUTPUT | MQC.MQOO_FAIL_IF_QUIESCING);
            MQMessage msg = new MQMessage();
            msg.WriteUTF("Test Message");
            queue1.Put(msg);
        }
        catch (MQException ex)
        {
            Console.WriteLine("A WebSphere MQ error occurred: {0}", ex.ToString());
        }
        catch (System.Exception ex)
        {
            Console.WriteLine("A System error occurred: {0}", ex.ToString());
        }
    }

Appreciate the help/suggestions.

Thanks In Advance.


Solution

  • Follow the steps outlined in the Quick Start Guide for WebSphere MQ AMS on Windows. To use AMS from C#, you will be dropping through to the C Client for the AMS capabilities, so the setup will be the same.
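
The C-client AMS setup the answer points to, written out as an added PowerShell example; it is not part of the original answer and not IBM's guide verbatim. QM1 and Q1 are taken from the question; the folder, certificate labels, distinguished names and the `bob_public.arm` file are constructed assumptions, and the last two commands run on the queue manager host rather than the client.

```powershell
# Added example. QM1 and Q1 come from the question; every other name, path
# and DN below is constructed for illustration.
$qmgr      = 'QM1'
$queue     = 'Q1'
$ksDir     = 'C:\mqams\alice'             # constructed: client key store folder
$kdb       = "$ksDir\alicekey.kdb"        # constructed: CMS key database
$label     = 'Alice_Cert'                 # constructed: certificate label
$senderDn  = 'CN=alice,O=Example,C=GB'    # constructed: DN that signs messages
$recipDn   = 'CN=bob,O=Example,C=GB'      # constructed: DN allowed to decrypt
$recipCert = "$ksDir\bob_public.arm"      # constructed: recipient's exported public cert
$pw        = Read-Host 'Key database password'

# --- Client machine (where the C# application runs) ---
New-Item -ItemType Directory -Force -Path $ksDir | Out-Null

# CMS key database for the C client; -stash lets the client open it without
# a password entry in keystore.conf.
runmqakm -keydb -create -db $kdb -pw $pw -stash
runmqakm -cert -create -db $kdb -pw $pw -label $label -dn $senderDn

# The sender encrypts to the recipient's public key, so that certificate
# has to be present in the sender's key database.
runmqakm -cert -add -db $kdb -pw $pw -label 'Bob_Cert' -file $recipCert

# keystore.conf: cms.keystore is the key database path without ".kdb".
$conf = "$ksDir\keystore.conf"
$stem = ($kdb -replace '\.kdb$', '') -replace '\\', '/'
Set-Content -Path $conf -Encoding ASCII -Value @(
    "cms.keystore = $stem"
    "cms.certificate = $label"
)

# Point the client at keystore.conf; a User-level variable is inherited by
# processes started afterwards, including the .NET application.
[Environment]::SetEnvironmentVariable('MQS_KEYSTORE_CONF', $conf, 'User')

# --- Server machine (where the queue manager runs) ---
# Privacy policy on the queue: sign with SHA256, encrypt with AES256, accept
# only $senderDn as signer and encrypt for $recipDn.
setmqspl -m $qmgr -p $queue -s SHA256 -e AES256 -a $senderDn -r $recipDn

# Confirm what is now enforced on the queue.
dspmqspl -m $qmgr -p $queue
```

The getting application needs the mirror-image setup: its own key database and keystore.conf, plus the sender's public certificate so it can verify signatures.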