
Info
Lamaxu versions greater than 1.0.5.9 are required in order to use SSL connections to the MQ queue manager.

...

For example, http://localhost:8085/admin/dashboard/#/mq/admin (the default username and password are admin/password).

Navigate to the 'Queue Managers' tab and enter the required Cipher Suite into the Cipher input box. Note that the Cipher Suite used needs to match the Cipher Spec on the MQ channel.


To Import a Trust Certificate

...

Where mycert.txt is your trust certificate.

Info
The default password for the truststore.jks file is 'changeit'

MQ Java TLS CipherSpecs and CipherSuites for Oracle Java 8 Usage

Download the JCE 8

The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files need to be downloaded and installed in order for the Oracle JRE to support the required CipherSuites in the table below. 

After downloading the JCE, extract and copy the JCE jurisdiction policy JAR files below to the target locations.

local_policy.jar (Unlimited strength local policy file)
US_export_policy.jar (Unlimited strength US export policy file)

Target locations

<java-home>/lib/security [Unix]
<java-home>\lib\security [Windows]

Recommended CipherSpecs and Equivalent CipherSuites 


https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113210_.htm 

| MQ CipherSpec | Equivalent CipherSuite (IBM JRE) | Equivalent CipherSuite (Oracle JRE) | Protocol |
|---|---|---|---|
| TLS_RSA_WITH_AES_128_CBC_SHA | SSL_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA | TLS v1 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | SSL_RSA_WITH_AES_128_CBC_SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS v1.2 |
| TLS_RSA_WITH_AES_256_CBC_SHA | SSL_RSA_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_AES_256_CBC_SHA | TLS v1 |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | SSL_RSA_WITH_AES_256_CBC_SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS v1.2 |

Required JRE Startup Option for Oracle JRE

Once the Cryptography Extension JARs have been installed, the Java option below needs to be added to the JRE startup options. This option enables the use of the equivalent Oracle JRE CipherSuites shown in the table above.

-Dcom.ibm.mq.cfg.useIBMCipherMappings=false
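
The following check is an added example, not part of the original page or of Lamaxu. It confirms that the JRE has the unlimited-strength policy active, that the startup option is set, and that each Oracle JRE CipherSuite from the table is available. The class name MqCipherSuiteCheck is hypothetical; run it with the same JRE and the same startup options as the application.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name), written for Java 8.
public class MqCipherSuiteCheck {
    public static void main(String[] args) throws Exception {
        // Oracle JRE CipherSuite -> protocol, copied from the table above
        // (protocols written with their JSSE names: TLSv1, TLSv1.2).
        Map<String, String> required = new LinkedHashMap<>();
        required.put("TLS_RSA_WITH_AES_128_CBC_SHA", "TLSv1");
        required.put("TLS_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
        required.put("TLS_RSA_WITH_AES_256_CBC_SHA", "TLSv1");
        required.put("TLS_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");

        // Limited policy returns 128; unlimited policy returns Integer.MAX_VALUE.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        boolean unlimited = maxAes >= 256;
        System.out.println("Max AES key length: " + maxAes
                + (unlimited ? " (unlimited policy active)" : " (policy JARs not active)"));

        // The startup option from this page; must be passed with -D to this JVM too.
        String mapping = System.getProperty("com.ibm.mq.cfg.useIBMCipherMappings");
        boolean mappingOk = "false".equalsIgnoreCase(mapping);
        System.out.println("com.ibm.mq.cfg.useIBMCipherMappings=" + mapping);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers
        SSLParameters supported = ctx.getSupportedSSLParameters();
        List<String> suites = Arrays.asList(supported.getCipherSuites());
        List<String> protocols = Arrays.asList(supported.getProtocols());
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites());

        boolean ok = unlimited && mappingOk;
        for (Map.Entry<String, String> e : required.entrySet()) {
            boolean present = suites.contains(e.getKey()) && protocols.contains(e.getValue());
            ok &= present;
            System.out.printf("%-34s %-8s supported=%-5b enabledByDefault=%b%n",
                    e.getKey(), e.getValue(), present, enabled.contains(e.getKey()));
        }
        System.exit(ok ? 0 : 1); // non-zero exit when any prerequisite is missing
    }
}
```

Compile with `javac MqCipherSuiteCheck.java` and run with `java -Dcom.ibm.mq.cfg.useIBMCipherMappings=false MqCipherSuiteCheck`; an exit code of 1 means at least one prerequisite on this page is not met.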

Defining a Private Keystore for Mutual SSL 

See the included page: Mutual SSL Authentication