The steps required to complete task 3
To complete this task, follow these steps:
1. Remove QMA's personal certificate
Remove QMA's personal certificate from its key repository. As a result,
QMA will attempt to connect anonymously to QMB.
Note that on all platforms you remove the certificates from
the key repository. If you do not already have a copy of a certificate
and you want to restore it after testing for failure of SSL client authentication,
you must save a copy of the certificate.
- On UNIX(R) and Windows(R) systems, remove from the SSL client's key repository
the certificate labelled:
- For a queue manager, ibmwebspheremq followed by the name of
your queue manager folded to lower case. For example, for QM1, ibmwebspheremqqm1, or,
- For a WebSphere MQ client, ibmwebspheremq followed by your logon user ID
folded to lower case, for example ibmwebspheremqmyuserid.
The procedure for removing personal certificates is described in Deleting a personal certificate from a key repository.
- On i5/OS(TM), remove the certificate labelled ibmwebspheremq followed
by the name of your queue manager folded to lower case. For example, for QM1, ibmwebspheremqqm1. The procedure for removing personal
certificates is described in Removing certificates.
- On z/OS(R), remove from the SSL client's key repository both:
- The certificate labelled ibmWebSphereMQ followed by the name
of your queue manager, for example ibmWebSphereMQQM1
- The default certificate (which might be the ibmWebSphereMQ certificate).
The procedure for removing personal certificates is described in Removing certificates.
2. Refresh the SSL environment (if necessary)
On QMA, if the channel initiator was already running (on z/OS) or if any
SSL channels have run previously, you need to issue a REFRESH SECURITY TYPE(SSL)
command. This ensures that all the changes made to the key repository are
available. On QMA, enter the following command:
REFRESH SECURITY TYPE(SSL)
3. Allow anonymous connections on the receiver
You need to change the receiver definition on QMB to allow anonymous connections.
On QMB, enter the following command:
ALTER CHANNEL(TO.QMB) CHLTYPE(RCVR) SSLCAUTH(OPTIONAL)