Lamaxu versions greater than 1.0.5.9 are required in order to use SSL Connections to the MQ queue manager.
Open a web browser and navigate to the Lamaxu Admin page.
Example, http://localhost:8085/admin/dashboard/#/mq/admin (the default username and password is admin/password)
Navigate to the 'Queue Managers' tab and enter the required Cipher Suite into the Cipher input box. Note the Cipher Suite used needs to match the Cipher Spec on the MQ channel.
To Import a Trust Certificate
keytool -importcert -file mycert.txt -keystore truststore.jks -alias mycert
Where mycert.txt is is your trust certificate.
The default password for the truststore.jks file is 'changeit'
Recommended CipherSpecs and Equivalent CipherSuites
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113210_.htm
MQ CipherSpec | Equivalent CipherSuite (Oracle JRE) | Protocol |
|---|---|---|
| TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA | TLS v1 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS v1.2 |
| TLS_RSA_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_AES_256_CBC_SHA | TLS v1 |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS v1.2 |
Defining a Private Keystore for Mutual SSL
To use Mutual certificate authentication, enter the keystore Filename and Keystore Password, of the keystore with the private key, in the in the Agent Config. The password can be obfuscated here as well.
