Securing channels with SSL

To send and receive messages through SSL:

  1. Create a key repository for the connected queue manager that contains the queue manager’s private key and the digital certificate for Adaptive Server.

  2. Create a key repository for Adaptive Server that contains the digital certificate for that Adaptive Server, as well as for the connected queue managers.

  3. Create an SSL-enabled server connection channel on the connected queue manager.

  4. Configure your key repository for Adaptive Server by using the sp_msgadmin 'config', 'ibmmq_keystore' stored procedure described in sp_msgadmin in Chapter 3, “SQL Reference.”

Example

This scenario shows how WebSphere MQ communicates both with and without SSL in Active Messaging.

There are two server connection channels on queue manager “BACH”; the first, “CH1”, is a normal connection, while “CH2” is configured to require SSL. The SSL cipher specification for the channel is NULL_MD5.

  1. Send a message to the queue manager without enabling SSL:

    select msgsend('a', 'ibm_mq:CH1/tcp/host1(7654)?qmgr=BACH,queue=Q1')
    
  2. Next, send a message to the queue manager using the SSL protocol:

    1. Set up the key repositories for the queue manager and Adaptive Server separately. The key database file for Adaptive Server is /var/mqm/clients/ssl/ASE.kdb. See your WebSphere MQ documentation from IBM for instructions on how to set up key repositories.

    2. Configure the key repository for Adaptive Server with:

      sp_msgadmin 'config', 'ibmmq_keystore', '/var/mqm/clients/ssl/ASE'
      
    3. Send the message through SSL:

      select msgsend('e', 'ibm_mq:CH2(ssl:sslciph=NULL_MD5)/tcp/host1(7654)?qmgr=BACH,queue=Q1')
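
The following check is an added example, not part of the original documentation: it parses msgsend endpoint strings of the form used in this scenario and reports whether a channel uses SSL and whether its CipherSpec encrypts the payload (NULL_MD5, used for CH2, provides an MD5 integrity check but applies no encryption). The endpoint grammar is inferred from the two examples on this page, and audit_endpoint is a hypothetical helper name.

```python
import re

# Endpoint grammar inferred from the two msgsend examples on this page (assumption):
# ibm_mq:<channel>[(ssl:sslciph=<CipherSpec>)]/tcp/<host>(<port>)?qmgr=<qm>,queue=<q>
ENDPOINT_RE = re.compile(
    r"^ibm_mq:(?P<channel>[^/()\s]+)"
    r"(?:\(ssl:sslciph=(?P<cipher>[^)\s]+)\))?"
    r"/tcp/(?P<host>[^()\s]+)\((?P<port>\d+)\)"
    r"\?qmgr=(?P<qmgr>[^,\s]+),queue=(?P<queue>[^,\s]+)$"
)


def audit_endpoint(endpoint):
    """Hypothetical helper: return (fields, findings) for one endpoint string."""
    # Endpoints copied out of SQL scripts may be wrapped; join lines first.
    flat = "".join(part.strip() for part in endpoint.splitlines())
    match = ENDPOINT_RE.match(flat)
    if match is None:
        return None, ["unparseable endpoint"]
    fields = match.groupdict()
    findings = []
    if fields["cipher"] is None:
        findings.append("no SSL: traffic to the queue manager is sent in cleartext")
    else:
        tokens = fields["cipher"].upper().split("_")
        if "NULL" in tokens:
            findings.append("NULL CipherSpec: integrity check only, payload not encrypted")
        if "MD5" in tokens:
            findings.append("MD5 digest: deprecated hash algorithm")
    return fields, findings


if __name__ == "__main__":
    # The two endpoints used in this page's scenario.
    samples = [
        "ibm_mq:CH1/tcp/host1(7654)?qmgr=BACH,queue=Q1",
        "ibm_mq:CH2(ssl:sslciph=NULL_MD5)\n    /tcp/host1(7654)?qmgr=BACH,queue=Q1",
    ]
    for sample in samples:
        fields, findings = audit_endpoint(sample)
        label = fields["channel"] if fields else "?"
        print(label, "->", findings or ["ok"])
```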