The steps required to complete task 2

To complete this task, follow these steps:

1. Prepare the key repository on each queue manager

On both QMA and QMB, ensure the key repository is correctly set up:

2. Request a CA-signed certificate for each queue manager

On both QMA and QMB, create certificate requests:

3. Add the Certification Authority's certificate to the key repository

On both QMA and QMB, add the CA's certificate to the queue manager's key repository:

4. Add the CA-signed certificate to the key repository

When the signed personal certificate is sent to you by the CA, add the relevant certificate to the queue manager's key repository (on both QMA and QMB):

5. Define sender channel and associated transmission queue

On QMA you need to define a sender channel and the transmission is uses:

DEFINE CHANNEL(TO.QMB) CHLTYPE(SDR) TRPTYPE(TCP) CONNAME(QMB.MACH.COM) XMITQ(QMB)
SSLCIPH(RC2_MD5_EXPORT) DESCR('Sender channel using SSL from QMA to QMB')

DEFINE QLOCAL(QMB) USAGE(XMITQ)

6. Define receiver channel

On QMB, you need to define a receiver channel:

DEFINE CHANNEL(TO.QMB) CHLTYPE(RCVR) TRPTYPE(TCP) SSLCIPH(RC2_MD5_EXPORT)
SSLCAUTH(REQUIRED) DESCR('Receiver channel using SSL to QMB')

7. Start the channel

Now that you have completed all the definitions, if you have not already done so, start the channel initiator on WebSphere(R) MQ for z/OS and, on all platforms, start a listener program on QMB. The listener program listens for incoming network requests and starts the receiver channel when it is needed. For information on how to start a listener, see the WebSphere MQ: Intercommunication manual.

If the channel initiator was already running (on z/OS) or if any SSL channels have run previously, you need to issue a REFRESH SECURITY TYPE(SSL) command. This ensures that all the changes made to the key repository are available.

Start the channel on QMA:

START CHANNEL(TO.QMB)