Queue manager attributes

WebSphere MQ SSL support includes the following parameters on the ALTER QMGR MQSC command:

SSLKEYR
Sets a queue manager attribute, SSLKeyRepository, which holds the name of the SSL key repository.
SSLCRLNL
Sets a queue manager attribute, SSLCRLNamelist, which holds the name of a namelist of authentication information objects.
SSLCRYP
Sets a queue manager attribute, SSLCryptoHardware, which holds the name of the parameter string required to configure the cryptographic hardware present on the system. This parameter applies only to Windows(R) and UNIX(R) queue managers.
SSLTASKS
Sets a queue manager attribute, SSLTasks, which holds the number of server subtasks to use for processing SSL calls. If you use SSL channels you must have at least two of these tasks. This parameter applies only to z/OS(R) queue managers.
SSLKEYRPWD
Sets a queue manager attribute, SSLKeyRepositoryPassword, which holds the password used to access the i5/OS(TM) certificate store. This parameter applies only to i5/OS queue managers.
SSLRKEYC
Sets a numeric queue manager attribute called SSLKeyResetCount, the total number of unencrypted bytes that are sent and received within an SSL conversation before the secret key is renegotiated. The number of bytes includes control information sent by the message channel agent.
SSLFIPS
Specifies whether only FIPS-certified algorithms are to be used if cryptography is carried out in WebSphere(R) MQ. If cryptographic hardware is configured, the cryptographic modules used are those provided by the hardware product, and these may, or may not, be FIPS-certified to a particular level. This depends on the hardware product in use. For more information about FIPS, see Federal Information Processing Standards (FIPS).

For more information about setting these parameters with the ALTER QMGR MQSC command, refer to the WebSphere MQ Script (MQSC) Command Reference, which also describes when changes to the SSL queue manager attributes become effective.

On i5/OS, you can also set the SSLKEYR and SSLCRLNL parameters with the CHGMQM command.