Does Gen using IBM WebSphere MQ support secure Java client/server communications (SSL/TLS)?
Gen 8.5, 8.6
While Gen does not explicitly support IBM WebSphere MQ SSL/TLS communications, customers can still use secure communications by utilizing the methods detailed below. The methods are entirely within the realm of IBM software support so it is advisable to always consult IBM product documentation.
NOTE: WebSphere MQ itself handles all of the required TLS communications requirements with configuration settings and certificate and there is no extra requirement on the Gen side.
1. Enabling TLS in IBM MQ classes for Java
NOTE: To connect successfully using TLS, the client JSSE truststore must be set up with certificate authority root certificates from which the certificate presented by the queue manager can be authenticated. Similarly, if SSLClientAuth on the SVRCONN channel has been set to MQSSL_CLIENT_AUTH_REQUIRED, the JSSE keystore must contain an identifying certificate that is trusted by the queue manager.
The MQEnvironment class can be used in Gen Java user exit MQSDynamicCoopFlowExit.java which is located in the directory "%Gen86%\Gen\classes\com\ca\gen\exits\coopflow\mqs".
Otherwise the MQ environment variable CMQC.SSL_CIPHER_SUITE_PROPERTY can be set to the required CipherSuite.
2. Using SSL TLS to connect two MQ queue managers in MQ 7.5 and MQ 8.0 / MQ 9.0 using self-signed certificates (IBM Techdoc: 607661):