IBM MQ SSL Receiver

This IIEP-only receiver method allows connection with IBM MQ. Prior to release 2023.3, it was named 'IBM Websphere MQ SSL Receiver'. For information on connecting to IBM MQ without SSL, refer to the JMS Receiver topic.

Prerequisites

Changes to the properties file, outlined below, are implemented when the server is restarted.

Prior to configuration, clicking a dropdown parameter in the 'Choose Receiver' step displays the property name required to supply values that populate the parameter.

Note: In the sharedconfig.properties file, an integer designation (1=, 2=, etc.) in the value part of the property indicates that an entry should display in the UI. This allows multiple values to be stored for a single property and is required even when only a single value is needed. If property values, such as passwords, should not be displayed in the UI, exclude the numbered designation, as shown in the password examples below.

The numbered designation indicates the order that the options are displayed in the dropdown. For example: <Property name>=1=<Value 1>,2=<Value 2>,3=<Value 3>. Using these numbered designations results in the dropdown showing values in the following order: <Value 1>,<Value 2>,<Value 3>. When duplicate integers exist, only the last value is displayed in the dialog.

As required, configure the following case-sensitive properties in the sharedconfig.properties file on the STEP application server:

  1. For Connection URL set the WSMQSSLProviderURL property.

    The following elements are needed for each URL, in the format [host]:[port]/[channel]:

    • [host] = hostname or IP of the IBM MQ server; in the following example this is 10.46.88.75

    • [port] = port number for the channel; in the following example this is 1415

    • [channel] = name of the channel; in the following example this is BASE.CTL.SVRCONN

    WSMQSSLProviderURL=1=10.46.88.75:1415/BASE.CTL.SVRCONN
  2. For Queue Manager set the WSMQSSLQueueManager property.

    WSMQSSLQueueManager=1=HV088B
  3. For Queue Name set the WSMQSSLQueue property.

    WSMQSSLQueue=1=LIVE.KITT
  4. For Key Store set the WSMQSSLKeyStoreLocation property.

    This must be in jks format, with the personal certificate for the Queue Manager. To generate, refer to the IBM MQ online help.

    WSMQSSLKeyStoreLocation=1=file:/workarea/keystore.jks
    
  5. For Key Store Password, set the WSMQSSLKeyStorePassword property.

    The password can be configured in the sharedconfig.properties file or can be typed directly into the parameter. When the parameter is blank, the password from the property is used.

    To prevent the password (or any other selections) from displaying in the UI, do not include a numbered designation.

    WSMQSSLKeyStorePassword=Pa55w0rd1
  6. For Trust Store, set the WSMQSSLTrustStoreLocation property.

    The Trust Store can be the same file as the Key Store. To generate, refer to the IBM MQ online help.

    WSMQSSLTrustStoreLocation=1=file:/workarea/truststore.jks
    
  7. For Trust Store Password, set the WSMQSSLTrustStorePassword property.

    The password can be configured in the sharedconfig.properties file or can be typed directly into the parameter. When the parameter is blank, the password from the property is used.

    To prevent the password (or any other selections) from displaying in the UI, do not include a numbered designation.

    WSMQSSLTrustStorePassword=Pa55w0rd2
  8. For Cipher Suite, set the WSMQSSLCipherSuite property.

    Set this property to the same value as SSL CipherSuite in IBM MQ.

    WSMQSSLCipherSuite=1=CTL_RSA_WITH_AES_256
  9. Contact your IT team to create a trust and key store and copy all URL certificates to the trust and key store.

Example of all property entries

WSMQSSLProviderURL=1=10.46.88.75:1415/BASE.CTL.SVRCONN
WSMQSSLQueueManager=1=HV088B
WSMQSSLQueue=1=LIVE.KITT
WSMQSSLKeyStoreLocation=1=/workarea/key.jks
WSMQSSLKeyStorePassword=Pa55w0rd1
WSMQSSLTrustStoreLocation=1=/workarea/key.jks
WSMQSSLTrustStorePassword=Pa55w0rd2
WSMQSSLCipherSuite=1=CTL_RSA_WITH_AES_256
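
The following check is an added example, not part of the product or its documentation. It applies the rules described above to the WSMQSSL* entries: a password with a numbered designation would display in the UI, duplicate integers hide all but the last value, and each Connection URL must be [host]:[port]/[channel]. The function names and sample text are constructed for illustration, and it assumes that a value is treated as numbered only when every comma-separated part starts with an integer and '='.

```python
import re

# Constructed sample: the page's example values plus three deliberate mistakes.
SAMPLE = """\
WSMQSSLProviderURL=1=10.46.88.75:1415/BASE.CTL.SVRCONN,2=10.46.88.76:1415/BASE.CTL.SVRCONN,2=mqhost/BAD
WSMQSSLQueueManager=1=HV088B
WSMQSSLKeyStoreLocation=1=file:/workarea/keystore.jks
WSMQSSLKeyStorePassword=1=Pa55w0rd1
WSMQSSLTrustStorePassword=Pa55w0rd2
"""

NUMBERED = re.compile(r"^(\d+)=(.*)$")           # one "N=value" entry
URL = re.compile(r"^[^:/\s]+:\d{1,5}/[^/\s]+$")  # [host]:[port]/[channel]


def parse_value(raw):
    """Return [(n, value), ...] for a numbered value, or None when the value
    has no numbered designation (assumed here to mean it is not shown in the UI)."""
    matches = [NUMBERED.match(part.strip()) for part in raw.split(",")]
    if not all(matches):
        return None
    return [(int(m.group(1)), m.group(2)) for m in matches]


def lint(text):
    """Return (property, message) findings for the WSMQSSL* entries."""
    findings = []
    for line in text.splitlines():
        name, sep, raw = line.partition("=")
        name = name.strip()
        if not sep or not name.startswith("WSMQSSL"):
            continue  # comments, blank lines, unrelated properties
        options = parse_value(raw.strip())
        if options is None:
            continue  # unnumbered value: nothing is listed in the dropdown
        if name.endswith("Password"):
            findings.append((name, "numbered password is displayed in the UI"))
        seen = set()
        for num, value in options:
            if num in seen:
                findings.append((name, f"duplicate {num}=: only the last value is displayed"))
            seen.add(num)
            if name == "WSMQSSLProviderURL" and not URL.match(value):
                findings.append((name, f"{value!r} is not [host]:[port]/[channel]"))
    return findings


if __name__ == "__main__":
    for prop, msg in lint(SAMPLE):
        print(f"{prop}: {msg}")
```
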

Configuration

After completing the prerequisite steps, edit the receiver of the IIEP. Use the following parameters to configure the IIEP. For information on a parameter, hover over the parameter field to display help text.

  1. For Receiver, choose IBM MQ SSL Receiver.

  2. For Connection URL, select the URL for connection.

  3. For Queue Manager, select the Queue Manager.

  4. For Queue Name, select the name of the Queue for the connection.

  5. For User Name, if required, enter the user name to be used with this integration.

  6. For Password, if required, enter the password to be used with this integration.

  7. For Key Store, select the key store.

  8. For Key Store Password, leave the parameter blank to use the password from the sharedconfig.properties file, or manually type in a password.

  9. For Trust Store, select the trust store with the CA for the Queue Manager.

  10. For Trust Store Password, leave the parameter blank to use the password from the sharedconfig.properties file, or manually type in a password.

  11. For Cipher Suite, because STEP runs on a non-IBM JRE, this must be the same value as configured in the Queue Manager.

  12. For Additional Parameters, if required, click the Add parameter link, then enter the Key and Value pairs. For possible keys and values, consult the manual for IBM MQ.

  13. Click the Next button to continue with the IIEP - Configure Endpoint and subsequent steps.