
IBM MQ 1 way ssl minimum setup


I was trying to enable self-signed TLS from MQ docker. I followed the steps below to generate the MQ keystore and client truststore.

runmqakm -keydb -create -db key.kdb -pw changeit -stash
runmqakm -cert  -create -db key.kdb -dn "cn=mqtest,o=mq,c=us" -pw changeit -label ibmwebspheremqqm -size 2048 -expire 3650
runmqakm -cert -list all -db key.kdb -stashed
runmqakm -cert -details -db key.kdb -stashed -label ibmwebspheremqqm
runmqakm -cert -extract -db key.kdb -stashed -label ibmwebspheremqqm -target QM1.cert
keytool -keystore clientkey.jks -storetype jks -importcert -file QM1.cert -alias server-certificate -keypass changeit -storepass changeit -noprompt

After creating the above keystore, I started modifying the queue manager and channel for a 1-way TLS connection. I am not able to connect to the queue after the above changes.

runmqsc QM1
ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/key') CERTLABL('ibmwebspheremqqm')
ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL) 
REFRESH SECURITY(*) TYPE(SSL)
EXIT

Can you point out what I am doing wrong?


Solution

  • The MQSC script below worked for me for a 1-way TLS setup.

    DISPLAY CHANNEL(DEV.APP.SVRCONN)
    ALTER CHANNEL(DEV.APP.SVRCONN) CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL) CERTLABL('')
    REFRESH SECURITY(*) TYPE(SSL)
    DISPLAY CHANNEL(DEV.APP.SVRCONN)
    EXIT
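
A preflight check for the key repository named in SSLKEYR, as an added example that is not part of the original question or answer. It relies on SSLKEYR being a stem, so the queue manager needs both `<stem>.kdb` and the `<stem>.sth` stash file; the function names and the rule that flags any permission for "other" are assumptions made here.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read MQSC text on stdin and print the first SSLKEYR stem, e.g. from
#   ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/key') ...
sslkeyr_stem() {
    sed -n "s/.*SSLKEYR('\([^']*\)').*/\1/p" | head -n 1
}

# Check one repository file: present, readable by the current user, and
# (assumed hardening policy) no permission bits set for "other".
check_repo_file() {
    f=$1
    if [ ! -f "$f" ]; then echo "MISSING $f"; return 1; fi
    if [ ! -r "$f" ]; then echo "UNREADABLE $f"; return 1; fi
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "WORLD-ACCESSIBLE $f ($other)"
        return 1
    fi
    echo "OK $f"
}

# SSLKEYR holds a stem without suffix: check <stem>.kdb and <stem>.sth.
check_key_repository() {
    stem=$1
    rc=0
    for ext in kdb sth; do
        check_repo_file "$stem.$ext" || rc=1
    done
    return $rc
}

# Constructed demo: a repository directory that holds key.kdb but no
# key.sth, which is what is left when the stash file is not copied along.
demo=$(mktemp -d)
: > "$demo/key.kdb"
chmod 600 "$demo/key.kdb"
stem=$(echo "ALTER QMGR SSLKEYR('$demo/key')" | sslkeyr_stem)
check_key_repository "$stem" || echo "key repository at $stem is not usable"
rm -rf "$demo"
```

Run it as the user the queue manager runs as, so the readability test reflects what the queue manager can open.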