Gen Java MQ support for secure (SSL/TLS) client/server comms
search cancel

Gen Java MQ support for secure (SSL/TLS) client/server comms

book

Article ID: 115638

calendar_today

Updated On: 05-26-2024

Products

Gen Gen - Run Time Distributed

Issue/Introduction

Does Gen using IBM WebSphere MQ support secure Java client/server communications (SSL/TLS)?

Environment

Gen 8.5, 8.6

Resolution

While Gen does not explicitly support IBM WebSphere MQ SSL/TLS communications, customers can still use secure communications by utilizing the methods detailed below. The methods are entirely within the realm of IBM software support so it is advisable to always consult IBM product documentation.
NOTE: WebSphere MQ itself handles all of the required TLS communications requirements with configuration settings and certificate and there is no extra requirement on the Gen side.

1. Enabling TLS in IBM MQ classes for Java
NOTE: To connect successfully using TLS, the client JSSE truststore must be set up with certificate authority root certificates from which the certificate presented by the queue manager can be authenticated. Similarly, if SSLClientAuth on the SVRCONN channel has been set to MQSSL_CLIENT_AUTH_REQUIRED, the JSSE keystore must contain an identifying certificate that is trusted by the queue manager.
The MQEnvironment class can be used in Gen Java user exit MQSDynamicCoopFlowExit.java which is located in the directory "%Gen86%\Gen\classes\com\ca\gen\exits\coopflow\mqs".
Otherwise the MQ environment variable CMQC.SSL_CIPHER_SUITE_PROPERTY can be set to the required CipherSuite.

2. Using SSL TLS to connect two MQ queue managers in MQ 7.5 and MQ 8.0 / MQ 9.0 using self-signed certificates (IBM Techdoc: 607661):