You can configure a connection to a secured local or remote WebSphere® MQ queue manager, by setting properties on an MQ node or in an MQEndpoint policy.
When you configure an MQ connection from an MQ node to a WebSphere MQ queue manager, you can optionally configure the connection to use a security identity for authentication, SSL for confidentiality, or both. The security identity, which passes user name and password security credentials to the queue manager, can be used on connections to local or remote queue managers. For connections to remote queue managers, you can choose whether to use the SSL protocol to provide confidentiality on the client connection. IBM Integration Bus supports a subset of the SSL functionality that is supported by WebSphere MQ.
You can use the Security identity property on the MQ node or MQEndpoint policy to pass a user name and password to the queue manager, by specifying a security identity that contains those credentials. The identity is defined using the mqsisetdbparms command.
You can specify that the SSL protocol is to be used when a client connection is made to a remote queue manager, by selecting the Use SSL property on the MQ node or MQEndpoint policy. You can use SSL for client connections that are configured using either the MQ client connection properties or a client channel definition table (CCDT). If you specify SSL on the client connection, you must also specify the location of the SSL key repository by using the mqsichangeproperties command. The SSL key repository is created using the WebSphere MQ GSKit, and it holds the required private and public certificates appropriate to the chosen certificate policy for the queue manager. The SSL key repository password stash file key repository file name.sth, which is created using WebSphere MQ GSKit, must be located in same folder as the key repository.
Follow these steps to complete the configuration of the integration node:
Follow these steps to complete the required connection configuration in the MQ node or MQEndpoint policy:
The MQInput node attempts to connect to the queue manager when the flow is deployed and started. The MQOutput, MQGet, and MQReply nodes attempt to connect when the first message is sent or received. If any connection problems occur, see the WebSphere MQ product documentation for information about any mqrc return code values that are reported in the IBM Integration Bus BIP messages.
If you later decide that you want to control connection properties by using an MQEndpoint policy, you can attach a policy to the message flow node. Property values that are set on the MQ Connection tab are ignored when a policy is attached to the message flow node.