SSL properties

Use SSL with WebSphere® MQ and WebSphere MQ File Transfer Edition to prevent unauthorized connections between agents and queue managers, and to encrypt message traffic between agents and queue managers.

For information about using SSL with WebSphere MQ File Transfer Edition, see Configuring SSL encryption for WebSphere MQ File Transfer Edition.

Table 1. SSL properties for the agent.properties file
Property name Description Default value
agentSslCipherSpec Specifies the protocol, hash algorithm, and encryption algorithm used, and how many bits are used in the encryption key, when exchanging data between the agent and the agent queue manager.

The value of agentSslCipherSpec is a cipher specification name. This cipher specification name is the same as the cipher specification name used on the agent queue manager channel. A list of valid cipher specification names is included here: Specifying CipherSpecs in the WebSphere MQ V7.1.0 product documentation.

agentSslCipherSpec is similar to agentSslCipherSuite. If both agentSslCipherSuite and agentSslCipherSpec are specified the value of agentSslCipherSpec is used.

None
agentSslCipherSuite Specifies SSL aspects of how the agent and the agent queue manager exchange data.

The value of agentSslCipherSuite is a cipher suite name. The cipher suite name maps to the cipher specification name used on the agent queue manager channel. For more information, see CipherSuite and CipherSpec name mappings in the WebSphere MQ V7.1.0 product documentation.

agentSslCipherSuite is similar to agentSslCipherSpec. If both agentSslCipherSuite and agentSslCipherSpec are specified the value of agentSslCipherSpec is used.

None
agentSslPeerName Specifies a distinguished name skeleton that must match the name provided by the agent queue manager. The distinguished name is used to check the identifying certificate presented by the queue manager on connection. None
agentSslTrustStore Specifies the location of the certificates that the agent trusts. The value of agentSslTrustStore is a file path. If it is a Windows file path the backslash character (\) must be escaped (\\). None
agentSslTrustStorePassword Specifies the password required to access the truststore. This property is required only if the agentSslTrustStore property is specified. None
agentSslKeyStore Specifies the location of the private key of the agent. The value of agentSslKeyStore is a file path. If it is a Windows file path the backslash character (\) must be escaped (\\). This property is only required if the agent queue manager requires client authentication. None
agentSslKeyStorePassword Specifies the password required to access the private key of the agent. This property is required only if the agentSslKeyStore property is specified. None
Table 2. SSL properties for the coordination.properties file
Property name Description Default value
coordinationSslCipherSpec Specifies the protocol, hash algorithm, and encryption algorithm used, and how many bits are used in the encryption key, when exchanging data between the commands and the coordination queue manager.

The value of coordinationSslCipherSpec is a CipherSpec name. This cipher specification name is the same as the cipher specification name used on the coordination queue manager channel. A list of valid cipher specification names is included in the topic Specifying CipherSpecs in the WebSphere MQ V7.1.0 product documentation.

coordinationSslCipherSpec is similar to coordinationSslCipherSuite. If both coordinationSslCipherSuite and coordinationSslCipherSpec are specified the value of coordinationSslCipherSpec is used.

None
coordinationSslCipherSuite Specifies SSL aspects of how the commands and the coordination queue manager exchange data.

The value of coordinationSslCipherSuite is a cipher suite name. The cipher suite name maps to the cipher specification name used on the agent queue manager channel. For more information, see CipherSuite and CipherSpec name mappings in the WebSphere MQ V7.1.0 product documentation.

coordinationSslCipherSuite is similar to coordinationSslCipherSpec. If both coordinationSslCipherSuite and coordinationSslCipherSpec are specified the value of coordinationSslCipherSpec is used.

None
coordinationSslPeerName Specifies a distinguished name skeleton that must match the name provided by the coordination queue manager. The distinguished name is used to check the identifying certificate presented by the coordination queue manager on connection. None
coordinationSslTrustStore Specifies the location of the certificates that the commands trust. The value of coordinationSslTrustStore is a file path. If it is a Windows file path the backslash character (\) must be escaped (\\). None
coordinationSslTrustStorePassword Specifies the password required to access the truststore. This property is required only if the coordinationSslTrustStore property is specified. None
coordinationSslKeyStore Specifies the location of the private key of the commands. The value of coordinationSslKeyStore is a file path. If it is a Windows file path the backslash character (\) must be escaped (\\). This property is only required if the coordination queue manager requires client authentication. None
coordinationSslKeyStorePassword Specifies the password required to access the private key of the commands. This property is required only if the coordinationSslKeyStore property is specified. None
Table 3. SSL properties for the command.properties file
Property name Description Default value
connectionSslCipherSpec Specifies the protocol, hash algorithm, and encryption algorithm used, and how many bits are used in the encryption key, when exchanging data between the commands and the command queue manager.

The value of connectionSslCipherSpec is a cipher specification name. This cipher specification name is the same as the cipher specification name used on the command queue manager channel. A list of valid cipher specification names is included in the topic Specifying CipherSpecs in the WebSphere MQ V7.1.0 product documentation.

connectionSslCipherSpec is similar to connectionSslCipherSuite. If both connectionSslCipherSuite and connectionSslCipherSpec are specified the value of connectionSslCipherSpec is used.

None
connectionSslCipherSuite Specifies SSL aspects of how the commands and the command queue manager exchange data.

The value of connectionSslCipherSuite is a cipher suite name. The cipher suite name maps to the cipher specification name used on the agent queue manager channel. For more information, see CipherSuite and CipherSpec name mappings in the WebSphere MQ V7.1.0 prouct documentation.

connectionSslCipherSuite is similar to connectionSslCipherSpec. If both connectionSslCipherSuite and connectionSslCipherSpec are specified the value of connectionSslCipherSpec is used.

None
connectionSslPeerName Specifies a distinguished name skeleton that must match the name provided by the command queue manager. The distinguished name is used to check the identifying certificate presented by the command queue manager on connection. None
connectionSslTrustStore Specifies the location of the certificates that the commands trust. The value of connectionSslTrustStore is a file path. If it is a Windows file path the backslash character (\) must be escaped (\\). None
connectionSslTrustStorePassword Specifies the password required to access the truststore. This property is required only if the connectionSslTrustStore property is specified. None
connectionSslKeyStore Specifies the location of the private key of the commands. The value of connectionSslKeyStore is a file path. If it is a Windows file path the backslash character (\) must be escaped (\\). This property is only required if the command queue manager requires client authentication. None
connectionSslKeyStorePassword Specifies the password required to access the private key of the commands. This property is required only if the connectionSslKeyStore property is specified. None

Reference Reference

Feedback

Timestamp icon Last updated: Tuesday, 30 January 2018
http://www.ibm.com/support/knowledgecenter/SSEP7X_7.0.4/com.ibm.wmqfte.doc/props_ssl.htm