Migrating Windows Secure Sockets Layer (SSL) connections

This section deals with migrating Windows® Secure Sockets Layer (SSL) connections from WebSphere® MQ Version 5.3 to WebSphere MQ Version 6.0.

General Introduction

WebSphere MQ Version 6.0 provides the Global Security Toolkit (GSKit) on Windows platforms for improved SSL (Secure Sockets Layer) support for queue manager and WebSphere MQ client channels. Follow the guidance in this section to determine whether WebSphere MQ Version 5.3 queue managers or clients have been set up to use SSL connections, and to ensure these channels continue to work with WebSphere MQ Version 6.0. The migration process causes a copy of the certificates stored in the WebSphere MQ Certificate Stores used by WebSphere MQ Version 5.3, to be migrated to a GSKit Key database.

Points to consider

Certificates that are not migrated

A number of certificates are not migrated during this process. These are:

Types of certificate migration

There are two types of certificate migration.

Automatic migration has the advantage that you do not need to specify the location and names for all the WebSphere MQ Certificates Stores and their corresponding GSKit key databases for all the queue managers and the clients as this is derived from the information gathered during the pre-installation processing.

Friendly Name attribute

In the WebSphere MQ Certificate Store file there is one certificate assigned to the queue manager or client. During migration, the copy of this certificate is modified before it is imported into the GSKit database. The modification sets the certificate's Friendly Name attribute to the string ibmwebspheremq followed in lower case by the queue manager name or the client logon ID. The previous Friendly Name value, if any, is lost. This Friendly Name value becomes the label of the certificate in the GSKit key database.

Working with migrated certificates

When WebSphere MQ Version 6.0 has been fully installed, and the certificates from the WebSphere MQ Certificate Stores have been migrated to the GSKit database, you can use the IBM® Key Management (iKeyman) utility to view and manage your certificates. Full details of the iKeyman utility can be found in the WebSphere MQ Security book.