Queue manager attributes
WebSphere MQ SSL support includes the following parameters on the ALTER QMGR MQSC
command:
- SSLKEYR
- Sets a queue manager attribute, SSLKeyRepository, which holds the name of the SSL key repository.
- SSLCRLNL
- Sets a queue manager attribute, SSLCRLNamelist,
which holds the name of a namelist of authentication information objects.
- SSLCRYP
- Sets a queue manager attribute, SSLCryptoHardware, which holds the name of the parameter string required to configure
the cryptographic hardware present on the system. This parameter
applies only to Windows(R) and UNIX(R) queue managers.
- SSLTASKS
- Sets a queue manager attribute, SSLTasks, which
holds the number of server subtasks to use for processing SSL calls. If you
use SSL channels you must have at least two of these tasks. This parameter
applies only to z/OS(R) queue managers.
- SSLKEYRPWD
- Sets a queue manager attribute, SSLKeyRepositoryPassword, which holds the password used to access the i5/OS(TM) certificate store.
This parameter applies only to i5/OS queue managers.
- SSLRKEYC
- Sets a numeric queue manager attribute called SSLKeyResetCount, the total number of unencrypted bytes that are sent
and received within an SSL conversation before the secret key is renegotiated.
The number of bytes includes control information sent by the message channel
agent.
- SSLFIPS
- Specifies whether only FIPS-certified algorithms are to be used if cryptography
is carried out in WebSphere(R) MQ. If cryptographic hardware is configured,
the cryptographic modules used are those provided by the hardware product,
and these may, or may not, be FIPS-certified to a particular level. This depends
on the hardware product in use. For more information about FIPS, see Federal Information Processing Standards (FIPS).
For more information about setting
these parameters with the ALTER QMGR MQSC command, refer to the WebSphere MQ Script (MQSC) Command Reference,
which also describes when changes to the SSL queue manager attributes become
effective.
On i5/OS, you can also set the SSLKEYR and SSLCRLNL parameters with the CHGMQM command.