SSL functionality is available only if you selected TCP Connection mode while configuring an MQSeries control. For more information on configuration options for the MQSeries control, see Creating and Configuring a New Instance of the MQSeries Control.
This topic includes the following sections:
Setting Server-side SSL Properties
Setting Client-side SSL Properties
Example: Configuring SSL Within a Workflow
The cipher suite algorithm is used to encrypt and decrypt message communication between the MQSeries server and the MQSeries client. If you selected either of the two SSL options while creating a new MQSeries control, you must set the SSL cipher suite before you put or get messages from the queue. This can be done using the following function:
void setSSLCipherSuite(java.lang.String cipherSuite);
The parameter to this function is the string representing the selected SSL cipher suite. You can get the different values for the cipher suites from the final static variables of the MQControlConstants class.
After enabling either of the SSL options for your MQSeries control, you must set server-side SSL properties before you put or get messages from the queue. You can do this using the following function:
void setServerSideSSL(java.lang.String trustStoreLocation, java.lang.String trustStoreType, java.lang.String trustStorePassword) throws com.bea.control.ControlException;
The parameters to this function are:
The path representing the location of the trust store. This parameter is optional, and if not provided, takes the default trust store of the Weblogic JDK.
The type of trust store, for example, JavaKeyStore (JKS). This parameter is optional, and if not provided, takes the default trust store type.
The password for the trust store. This parameter is mandatory if the trustStoreLocation parameter is provided.
After enabling two-way SSL for your MQSeries control, you must set server-side and client-side SSL properties before you put or get messages from the queue. To set the client-side SSL properties, use the following function:
void setClientSideSSL(java.lang.String keyStoreLocation, java.lang.String keyStoreType, java.lang.String keyStorePassword, java.lang.String keyPassword);
The parameters to this function are:
The path representing the location of the key store. This parameter is mandatory.
The type of key store, for example, JKS. This parameter is optional, and if not provided takes the default key store type.
The password for the key store. This parameter is mandatory.
The password for the key. This parameter is optional, and if not provided, considers the keyStorePassword as the keyPassword.
After selecting either of the two SSL options while creating a new MQSeries control, your workflow must adhere to the order of MQSeries control function calls represented in the following figure.
Figure : Example: Configuring SSL Within a Workflow
Warning: If the sequence represented in Figure: Example: Configuring SSL Within a Workflow is not followed in the workflow when SSL authentication is required, the MQSeries Control will throw an exception at runtime.
For information on how to set up the Queue Manager for SSL connections, refer to the MQSeries Product documentation at http://www.IBM.com. SSL support is available only from WebSphere MQ version 5.3 onwards.
![]() |
![]() |