View Source

Lamaxu version 1.0.5.9 is required in order to use SSL Connections to the MQ queue manager.

Open a web browser and navigate to the Lamaxu Admin page.

Example, http://localhost:8085/admin (the default username and password is admin/password)

Navigate to the 'Queue Managers' tab and enter the required Cipher Suite into the Cipher input box. Note the Cipher Suite used needs to match the Cipher Spec on the MQ channel.

LAMAXU > Queue Manager SSL Configuration > lamaxu_cipher.PNG

To Import a Trust Certificate

keytool -importcert -file mycert.txt -keystore truststore.jks -alias mycert

Where mycert.txt is is your trust certificate.

NOTE: The default password for the truststore.jks file is 'changeit'

Recommended CipherSpecs and Equivalent CipherSuites

https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113210_.htm

MQ CipherSpec	Equivalent CipherSuite (Oracle JRE)	Protocol
TLS_RSA_WITH_AES_128_CBC_SHA	TLS_RSA_WITH_AES_128_CBC_SHA	TLS v1
TLS_RSA_WITH_AES_128_CBC_SHA256	TLS_RSA_WITH_AES_128_CBC_SHA256	TLS v1.2
TLS_RSA_WITH_AES_256_CBC_SHA	TLS_RSA_WITH_AES_256_CBC_SHA	TLS v1
TLS_RSA_WITH_AES_256_CBC_SHA256	TLS_RSA_WITH_AES_256_CBC_SHA256	TLS v1.2